On Thu, Mar 05, 2026 at 06:20:09PM -0700, Simon Glass wrote:

> From: Simon Glass <[email protected]>
>
> The hashed-nodes property in a FIT signature node lists which FDT paths
> are included in the signature hash. It is intended as a hint so should
> not be used for verification.
>
> Add a function to build the node list from scratch by iterating the
> configuration's image references. Skip properties known not to be image
> references. For each image, collect the path plus all hash and cipher
> subnodes.
>
> Use the new function in fit_config_check_sig() instead of reading
> 'hashed-nodes'.
>
> Update the test_vboot kernel@ test case: fit_check_sign now catches the
> attack at signature-verification time (the @-suffixed node is hashed
> instead of the real one, causing a mismatch) rather than at
> fit_check_format() time.
>
> Update the docs to cover this. The FIT spec can be updated separately.
>
> Signed-off-by: Simon Glass <[email protected]>

Thanks again for looking into this!

Closes: https://lore.kernel.org/u-boot/[email protected]/
Reported-by: Apple Security Engineering and Architecture (SEAR)
Tested-by: Tom Rini <[email protected]>

--
Tom
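The approach the commit message describes (derive the hashed node list from the configuration's image references and ignore the stored 'hashed-nodes' hint), sketched as an added example that is not part of the patch or of U-Boot. The nested-dict FIT model, the skip list, the prefix match on hash/cipher subnode names and the function names are all assumptions made for illustration, and only the image-derived paths are modelled.

```python
# Simplified model, not U-Boot code: a FIT as nested dicts, where dict values
# are subnodes and every other value is a property.
NON_IMAGE_PROPS = {"description", "compatible", "default"}  # assumed skip list

def build_hashed_nodes(fit, conf_name):
    """Derive the node paths to hash from the configuration's image references."""
    conf = fit["configurations"][conf_name]
    paths = []
    for prop, value in conf.items():
        if isinstance(value, dict) or prop in NON_IMAGE_PROPS:
            continue  # subnode (e.g. the signature) or known non-image property
        names = [value] if isinstance(value, str) else value
        if not isinstance(names, list):
            continue  # not a string or string list, so not an image reference
        for name in names:
            image = fit["images"].get(name)
            if image is None:
                raise ValueError(f"{conf_name}/{prop}: no image named {name!r}")
            base = f"/images/{name}"
            if base in paths:
                continue  # image already collected via another property
            paths.append(base)
            for sub, node in image.items():
                # Collect every hash and cipher subnode of the referenced image.
                if isinstance(node, dict) and sub.startswith(("hash", "cipher")):
                    paths.append(f"{base}/{sub}")
    return paths

def nodes_to_verify(fit, conf_name):
    # The 'hashed-nodes' hint under the signature node is never read here;
    # only paths derived from the configuration are fed to the signature hash.
    return build_hashed_nodes(fit, conf_name)

# Constructed sample input: the stored hint disagrees with the configuration.
SAMPLE_FIT = {
    "images": {
        "kernel": {"data": b"K", "hash-1": {"algo": "sha256"}},
        "fdt-1": {"data": b"D", "hash-1": {"algo": "sha256"},
                  "cipher": {"algo": "aes256"}},
        "unused": {"data": b"X", "hash-1": {"algo": "sha256"}},
    },
    "configurations": {
        "conf-1": {
            "description": "constructed example",
            "kernel": "kernel",
            "fdt": "fdt-1",
            "signature-1": {"hashed-nodes": ["/images/unused"]},  # untrusted hint
        },
    },
}
```

Because the list is rebuilt from the configuration, editing the stored hint changes nothing about which nodes are hashed, and a reference to a missing image fails before any hashing happens.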

