On 25.10.21 15:12, Marek Behún wrote:
From: Pali Rohár <p...@kernel.org>
Data part of the image contains 4-byte checksum. Validate it when
processing the image.
Signed-off-by: Pali Rohár <p...@kernel.org>
[ refactored ]
Signed-off-by: Marek Behún <marek.be...@nic.cz>
Reviewed-by: Stefan Roese <s...@denx.de>
Thanks,
Stefan
---
tools/kwboot.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/tools/kwboot.c b/tools/kwboot.c
index 4e29317f10..bc44301535 100644
--- a/tools/kwboot.c
+++ b/tools/kwboot.c
@@ -1251,6 +1251,37 @@ kwboot_hdr_csum8(const void *hdr)
return csum;
}
+static uint32_t *
+kwboot_img_csum32_ptr(void *img)
+{
+ struct main_hdr_v1 *hdr = img;
+ uint32_t datasz;
+
+ datasz = le32_to_cpu(hdr->blocksize) - sizeof(uint32_t);
+
+ return img + le32_to_cpu(hdr->srcaddr) + datasz;
+}
+
+static uint32_t
+kwboot_img_csum32(const void *img)
+{
+ const struct main_hdr_v1 *hdr = img;
+ uint32_t datasz, csum = 0;
+ const uint32_t *data;
+
+ datasz = le32_to_cpu(hdr->blocksize) - sizeof(csum);
+ if (datasz % sizeof(uint32_t))
+ return 0;
+
+ data = img + le32_to_cpu(hdr->srcaddr);
+ while (datasz > 0) {
+ csum += le32_to_cpu(*data++);
+ datasz -= 4;
+ }
+
+ return cpu_to_le32(csum);
+}
+
static int
kwboot_img_is_secure(void *img)
{
@@ -1462,6 +1493,9 @@ kwboot_img_patch(void *img, size_t *size, int baudrate)
*size < le32_to_cpu(hdr->srcaddr) + le32_to_cpu(hdr->blocksize))
goto err;
+ if (kwboot_img_csum32(img) != *kwboot_img_csum32_ptr(img))
+ goto err;
+
is_secure = kwboot_img_is_secure(img);
if (hdr->blockid != IBR_HDR_UART_ID) {
Viele Grüße,
Stefan
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: s...@denx.de
