From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alex G. Date: Tue, 12 Jan 2021 12:30:44 -0600 Subject: [PATCH] lib: rsa: rsa-verify: don't look for keys in the FIT image In-Reply-To: <20210112181854.15056-1-philippe.reynes@softathome.com> References: <20210112181854.15056-1-philippe.reynes@softathome.com> Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On 1/12/21 12:18 PM, Philippe Reynes wrote: Hi Philippe, > In the function rsa_verify_hash, if the "main" key doesn't > work, u-boot try others keys. But it searches those keys > in the FIT image instead of the u-boot device tree. > > Signed-off-by: Philippe Reynes > --- > lib/rsa/rsa-verify.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c > index 0ab0f629d0..e34d3293d1 100644 > --- a/lib/rsa/rsa-verify.c > +++ b/lib/rsa/rsa-verify.c > @@ -522,10 +522,10 @@ int rsa_verify_hash(struct image_sign_info *info, > return ret; > > /* No luck, so try each of the keys in turn */ > - for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node, > + for (ndepth = 0, noffset = fdt_next_node(blob, sig_node, > &ndepth); > (noffset >= 0) && (ndepth > 0); > - noffset = fdt_next_node(info->fit, noffset, &ndepth)) { > + noffset = fdt_next_node(blob, noffset, &ndepth)) { > if (ndepth == 1 && noffset != node) { > ret = rsa_verify_with_keynode(info, hash, > sig, sig_len, I was looking at this code ot too long ago and didn't notice the inconsistency. I think it would be better to use 'info->fdt_blob' and get rid of 'blob' completely. Alex