On Tue, 20 Apr 2021 19:19:44 +0100 John Keeping <[email protected]> wrote:
> The "-E" option to mkimage generates a FIT with external data using the > data-size and data-offset properties which must both be ignored when > verifying a signature. > > Add "data-offset" to the list of excluded properties for signature > verification; since the line is now too long, re-format the list to > one-per-line and make it static since the data is constant. > > Signed-off-by: John Keeping <[email protected]> > --- Any feedback on this? It would be nice to be able to verify all image types produced by mkimage! Thanks, John > common/image-fit-sig.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c > index 55ddf1879e..b979cd2a4b 100644 > --- a/common/image-fit-sig.c > +++ b/common/image-fit-sig.c > @@ -245,7 +245,13 @@ static int fit_config_check_sig(const void *fit, int > noffset, > int required_keynode, int conf_noffset, > char **err_msgp) > { > - char * const exc_prop[] = {"data", "data-size", "data-position"}; > + static char * const exc_prop[] = { > + "data", > + "data-size", > + "data-position", > + "data-offset" > + }; > + > const char *prop, *end, *name; > struct image_sign_info info; > const uint32_t *strings;
