Hi Patrick,
> From: Patrick Oppenlander <[email protected]> > > This patch addresses issue #2 for signed configurations. > > -----8<----- This "line" will be included in the commit message ;) > Including the image cipher properties in the configuration signature > prevents an attacker from modifying cipher, key or iv properties. > > Signed-off-by: Patrick Oppenlander <[email protected]> Reviewed-by: Philippe Reynes <[email protected]> Regards, Philippe > --- > tools/image-host.c | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > > diff --git a/tools/image-host.c b/tools/image-host.c > index e5417beee5..3d52593e36 100644 > --- a/tools/image-host.c > +++ b/tools/image-host.c > @@ -744,6 +744,23 @@ static int fit_config_get_hash_list(void *fit, int > conf_noffset, > return -ENOMSG; > } > > + /* Add this image's cipher node if present */ > + noffset = fdt_subnode_offset(fit, image_noffset, > + FIT_CIPHER_NODENAME); > + if (noffset != -FDT_ERR_NOTFOUND) { > + if (noffset < 0) { > + printf("Failed to get cipher node in configuration '%s/%s' image '%s': > %s\n", > + conf_name, sig_name, iname, > + fdt_strerror(noffset)); > + return -EIO; > + } > + ret = fdt_get_path(fit, noffset, path, sizeof(path)); > + if (ret < 0) > + goto err_path; > + if (strlist_add(node_inc, path)) > + goto err_mem; > + } > + > image_count++; > } > > -- > 2.27.0
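Review bot: The new block in fit_config_get_hash_list() adds the cipher node's path to node_inc on the signing side only (the diffstat lists tools/image-host.c alone), so the commit message should state how a configuration that was signed before this change, without the cipher node in its signed node list, is treated at verification time. As written, the description says that cipher, key or iv properties can no longer be modified, but nothing in the visible lines shows the verifier requiring the cipher node to be covered. A test that signs a configuration with an encrypted image, alters a property under the FIT_CIPHER_NODENAME subnode, and checks that verification fails would make the claim checkable. Minor: the "Failed to get cipher node" message is printed with printf() rather than to stderr, and in the mail its format string is split across lines, so confirm the string is a single literal in the applied patch.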

