On 1/12/21 12:18 PM, Philippe Reynes wrote:
Hi Philippe,
In the function rsa_verify_hash, if the "main" key doesn't
work, u-boot try others keys. But it searches those keys
in the FIT image instead of the u-boot device tree.
Signed-off-by: Philippe Reynes <[email protected]>
---
lib/rsa/rsa-verify.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 0ab0f629d0..e34d3293d1 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -522,10 +522,10 @@ int rsa_verify_hash(struct image_sign_info *info,
return ret;
/* No luck, so try each of the keys in turn */
- for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node,
+ for (ndepth = 0, noffset = fdt_next_node(blob, sig_node,
&ndepth);
(noffset >= 0) && (ndepth > 0);
- noffset = fdt_next_node(info->fit, noffset, &ndepth)) {
+ noffset = fdt_next_node(blob, noffset, &ndepth)) {
if (ndepth == 1 && noffset != node) {
ret = rsa_verify_with_keynode(info, hash,
sig, sig_len,
I was looking at this code ot too long ago and didn't notice the
inconsistency. I think it would be better to use 'info->fdt_blob' and
get rid of 'blob' completely.
Alex
