Simon Glass, what do you think? What is the best solution from your point of view?
Mikhail Kshevetskiy

On 07.06.2025 11:00, Jonas Karlman wrote:
> Hi Mikhail,
>
> On 2025-06-07 00:31, Mikhail Kshevetskiy wrote:
>> load_simple_fit() returns -EPERM for the images with broken signatures.
>> Unfortunately this may conflict with image loading selection on the base
>> of boot phase. See commit 873112db9ce68c38984ff25808dde726f8dd5573
>> ("spl: Support selecting images based on phase in simple FIT").
>>
>> Thus loading of
>>
>> configurations {
>>     uboot {
>>         description = "u-boot";
>>         firmware = "atf";
>>         loadables = "atf", "tee", "uboot";
>>     };
>> };
>>
>> with damaged "tee" image may finish without errors. This may result in
>> board bricking. This should not happen.
>>
>> The simplest way to resolve an issue is returning the different error
>> code for the cases of broken signature.
>>
>> Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevets...@iopsys.eu>
>> ---
>> common/spl/spl_fit.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
>> index ab277bb2baa..783bb84bdb5 100644
>> --- a/common/spl/spl_fit.c
>> +++ b/common/spl/spl_fit.c
>> @@ -322,7 +322,7 @@ static int load_simple_fit(struct spl_load_info *info,
>> ulong fit_offset,
>> fit_get_name(fit, node, NULL));
>> if (!fit_image_verify_with_data(fit, node, gd_fdt_blob(), src,
>> length))
>> - return -EPERM;
>> + return -EACCES;
> I think a proper solution would be to fix the bad use of EPERM in the
> commit 873112db9ce6 ("spl: Support selecting images based on phase in
> simple FIT").
>
> That commit should never have used EPERM in the first place, it should
> be reverted or its use of EPERM could be changed to something that is
> currently NOT used to block loading images that fail e.g. a signature
> check.
>
> Regards,
> Jonas
>
>> puts("OK\n");
>> }
>>
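
Review bot: At the fit_image_verify_with_data() failure return, switching to -EACCES keeps the two meanings apart only as long as every caller of load_simple_fit() treats -EACCES as fatal, and the hunk does not show the caller that tolerates -EPERM for phase selection. A short comment at this return stating that the code is reserved for verification failures and must abort loading would guard against the two being merged again, and it is worth confirming that no caller tests for -EPERM to detect a failed signature check. As the reply points out, changing the phase-mismatch code from 873112db9ce6 instead would leave this return untouched.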