Hi Sean, On Tue, 11 Oct 2022 at 15:52, Sean Anderson <[email protected]> wrote: > > Just like we exclude data-size, data-position, and data-offset from > fit_config_check_sig, we must exclude them while signing as well. > > Fixes: 8edecd3110e ("fit: Fix verification of images with external data") > Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with > padding") > Signed-off-by: Sean Anderson <[email protected]> > --- > > tools/image-host.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/tools/image-host.c b/tools/image-host.c > index 698adfb3e1d..5ba6e3bbce0 100644 > --- a/tools/image-host.c > +++ b/tools/image-host.c > @@ -917,7 +917,12 @@ static int fit_config_get_regions(const void *fit, int > conf_noffset, > int *region_countp, char **region_propp, > int *region_proplen) > { > - char * const exc_prop[] = {"data"}; > + char * const exc_prop[] = { > + "data", > + "data-size", > + "data-position", > + "data-offset" > + }; > struct strlist node_inc; > struct image_region *region; > struct fdt_region fdt_regions[100]; > -- > 2.35.1.1320.gc452695387.dirty >
It looks like we should be able to use FIT_DATA_POSITION_PROP (etc.) here? Regards, Simon
