When using verified-boot in the SPL, the FIT content must be verified before it can be used.
Currently the load_addr FIT property is read and used as input to memcpy before the property is verified. Signed-off-by: Teddy Reed <teddy.r...@gmail.com> --- common/spl/spl_fit.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index 2321ebb0dde..a35c6092cee 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -244,6 +244,16 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector, src = (void *)data; } +#ifdef CONFIG_SPL_FIT_SIGNATURE + printf("## Checking hash(es) for Image %s ...\n", + fit_get_name(fit, node, NULL)); + ret = fit_image_verify_with_data(fit, node, + (const void *)src, length); + printf("\n"); + if (!ret) + return 1; +#endif + #ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS board_fit_image_post_process(&src, &length); #endif @@ -269,16 +279,7 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector, image_info->entry_point = fdt_getprop_u32(fit, node, "entry"); } -#ifdef CONFIG_SPL_FIT_SIGNATURE - printf("## Checking hash(es) for Image %s ...\n", - fit_get_name(fit, node, NULL)); - ret = fit_image_verify_with_data(fit, node, - (const void *)load_addr, length); - printf("\n"); - return !ret; -#else return 0; -#endif } static int spl_fit_append_fdt(struct spl_image_info *spl_image, -- 2.13.5 _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot