When using verified-boot in the SPL, the FIT content must be
verified before it can be used.
Currently the load_addr FIT property is read and used as input to
memcpy before the property is verified.
Signed-off-by: Teddy Reed <teddy.r...@gmail.com>
---
common/spl/spl_fit.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index 2321ebb0dde..a35c6092cee 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -244,6 +244,16 @@ static int spl_load_fit_image(struct spl_load_info *info,
ulong sector,
src = (void *)data;
}
+#ifdef CONFIG_SPL_FIT_SIGNATURE
+ printf("## Checking hash(es) for Image %s ...\n",
+ fit_get_name(fit, node, NULL));
+ ret = fit_image_verify_with_data(fit, node,
+ (const void *)src, length);
+ printf("\n");
+ if (!ret)
+ return 1;
+#endif
+
#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS
board_fit_image_post_process(&src, &length);
#endif
@@ -269,16 +279,7 @@ static int spl_load_fit_image(struct spl_load_info *info,
ulong sector,
image_info->entry_point = fdt_getprop_u32(fit, node, "entry");
}
-#ifdef CONFIG_SPL_FIT_SIGNATURE
- printf("## Checking hash(es) for Image %s ...\n",
- fit_get_name(fit, node, NULL));
- ret = fit_image_verify_with_data(fit, node,
- (const void *)load_addr, length);
- printf("\n");
- return !ret;
-#else
return 0;
-#endif
}
static int spl_fit_append_fdt(struct spl_image_info *spl_image,
--
2.13.5
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
