From: patrick.oppenlander at gmail.com <patrick.oppenlander@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH v2 3/3] mkimage: fit: don't cipher ciphered data
Date: Thu, 30 Jul 2020 14:22:15 +1000 [thread overview]
Message-ID: <20200730042215.409016-4-patrick.oppenlander@gmail.com> (raw)
In-Reply-To: <20200730042215.409016-1-patrick.oppenlander@gmail.com>
From: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Previously, mkimage -F could be run multiple times causing already
ciphered image data to be ciphered again.
Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
---
tools/image-host.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/tools/image-host.c b/tools/image-host.c
index b4603c5f01..e5417beee5 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -482,7 +482,7 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
const char *image_name;
const void *data;
size_t size;
- int cipher_node_offset;
+ int cipher_node_offset, len;
/* Get image name */
image_name = fit_get_name(fit, image_noffset, NULL);
@@ -497,6 +497,19 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
return -1;
}
+ /*
+ * Don't cipher ciphered data.
+ *
+ * If the data-size-unciphered property is present the data for this
+ * image is already encrypted. This is important as 'mkimage -F' can be
+ * run multiple times on a FIT image.
+ */
+ if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len))
+ return 0;
+ if (len != -FDT_ERR_NOTFOUND) {
+ printf("Failure testing for data-size-unciphered\n");
+ return -1;
+ }
/* Process cipher node if present */
cipher_node_offset = fdt_subnode_offset(fit, image_noffset,
--
2.27.0
next prev parent reply other threads:[~2020-07-30 4:22 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-30 4:22 [PATCH v2] mkimage: FIT ciphering bug fixes patrick.oppenlander at gmail.com
2020-07-30 4:22 ` [PATCH v2 1/3] mkimage: fit: only process one cipher node patrick.oppenlander at gmail.com
2020-08-08 12:29 ` Tom Rini
2020-07-30 4:22 ` [PATCH v2 2/3] mkimage: fit: handle FDT_ERR_NOSPACE when ciphering patrick.oppenlander at gmail.com
2020-07-30 13:53 ` Philippe REYNES
2020-08-08 12:29 ` Tom Rini
2020-07-30 4:22 ` patrick.oppenlander at gmail.com [this message]
2020-07-30 13:58 ` [PATCH v2 3/3] mkimage: fit: don't cipher ciphered data Philippe REYNES
2020-08-08 12:29 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200730042215.409016-4-patrick.oppenlander@gmail.com \
--to=patrick.oppenlander@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.