On Thu, Jul 03, 2025 at 02:54:51PM +0200, yan wang wrote:

> When running the test case testPreLoadEncryptedFit, mkimage has been called
> multiple times. Each call to Entry_fit's GetData falls into Entry_fit's
> BuildSectionData then mkimage is called. The last mkimage is called after
> the image has been signed with the preload key. As mkimage uses a random
> IV for encryption and the timestamps may differ, there is a
> mismatch between the previously calculated signature and the
> final fit included in the image.
>
> During ProcessImage, how can one tell when exactly a fit is well generated,
> and stop the useless mkimage afterwards?
>
> Paul HENRYS (2):
>   binman: Generate the preload header and sign the data only once
>   tools: binman: Test signing an encrypted FIT with a preload header
>
> yan wang (1):
>   binman: Fix signing an encryted FIT with a preload key
>
>  tools/binman/etype/pre_load.py                | 12 ++--
>  tools/binman/ftest.py                         | 17 +++++
>  tools/binman/image.py                         | 10 +++
>  .../test/336_pre_load_fit_encrypted.dts       | 63 +++++++++++++++++++
>  4 files changed, 96 insertions(+), 6 deletions(-)
>  create mode 100644 tools/binman/test/336_pre_load_fit_encrypted.dts

I had a small merge problem to resolve when applying this and maybe I
didn't do it right because now CI fails:
https://source.denx.de/u-boot/u-boot/-/jobs/1198369

Please rebase, retest and repost, thanks!

-- 
Tom

