Re: [PATCH] FIT: Address Secure Boot Bypass for Signed FIT Images

[Tom Rini <trini@konsulko.com>]

[-- Attachment #1: Type: text/plain, Size: 1446 bytes --]

On Tue, Mar 03, 2026 at 06:32:50AM -0700, Simon Glass wrote:
> Hi,
> 
> On Tue, 3 Mar 2026 at 01:09, Ahmad Fatoum <a.fatoum@pengutronix.de> wrote:
> >
> > Hello Tom,
> >
> > On 3/2/26 23:09, Tom Rini wrote:
> > > There is a flaw in how U-Boot verifies and generates signatures for FIT
> > > images. To prevent mix and match style attacks, it is recommended to
> > > use signed configurations. How this is supposed to work is documented in
> > > doc/usage/fit/signature.rst.
> > >
> > > Crucially, the `hashed-nodes` property of the `signature` node contains
> > > which nodes of the FIT device tree were hashed as part of the signature
> > > and should be verified. However, this property itself is not part of the
> > > hash and can therefore be modified by an attacker. Furthermore, the
> > > signature only contains the name of each node and not the path in the
> > > device tree to the node.
> > >
> > > This patch reworks the code to address this specific oversight.
> >
> > Do I understand correctly that this is a breaking change
> > for FIT with signed configurations?
> >
> > - New U-Boot hashes more than intended for old FIT
> > - Old U-Boot hashes less than intended for new FIT
> 
> Yes, that's right.
> 
> Reviewed-by: Simon Glass <sjg@chromium.org>
> 
> I can see how this works. Please see nit below.

I did fail to run this past checkpatch.pl and will fixup when applying,
thanks.

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]