dany/u-boot-megous
1
0
Fork 0
mirror of https://xff.cz/git/u-boot/ synced 2025-09-01 16:52:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

mkimage: Allow 'auto-conf' signing of scripts

Browse Source 
U-Boot configured for verified boot with the "required" option set to
"conf" also checks scripts put in FIT images for a valid signature, and
refuses to source and run such a script if the signature for the
configuration is bad or missing.  Such a script could not be packaged
before, because mkimage failed like this:

    % tools/mkimage -T script -C none -d tmp/my.scr -f auto-conf -k tmp -g dev -o sha256,rsa4096 my.uimg
    Failed to find any images for configuration 'conf-1/signature'
    tools/mkimage Can't add hashes to FIT blob: -1
    Error: Bad parameters for FIT image type

This is especially unfortunate if LEGACY_IMAGE_FORMAT is disabled as
recommended.

Listing the script configuration in a "sign-images" subnode instead,
would have added even more complexity to the already complex auto fit
generation code.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
This commit is contained in:
Alexander Dahl
2024-06-20 16:20:59 +02:00
committed by Tom Rini
parent d36394cff8
commit 6074f6e857
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tools/image-host.c
View File

@@ -730,7 +730,7 @@ static const char *fit_config_get_image_list(const void *fit, int noffset,
int *lenp, int *allow_missingp)
{
static const char default_list[] = FIT_KERNEL_PROP "\0"
FIT_FDT_PROP;
FIT_FDT_PROP "\0" FIT_SCRIPT_PROP;
const char *prop;
/* If there is an "sign-image" property, use that */