Re: [PATCH 2/3] mkimage: fit: handle FDT_ERR_NOSPACE when ciphering

Wed, 29 Jul 2020 08:03:27 -0700 

Hi Patrick

> From: Patrick Oppenlander <patrick.oppenlan...@gmail.com>
> 
> This meant that the order of operations had to change. If we replace the
> data property first then fail to add the data-size-unciphered property
> the data will be ciphered again when retrying.


This patch is good, but I disagree with the comment. It is not mandatory
to change the order of operation because when signing/ciphering we always
start from "fresh" file.

This "trick" is done in the function fit_handle_file(...)

Just before the loop, the tmpfile is rename in bakfile

        sprintf(bakfile, "%s%s", tmpfile, ".bak");
        rename(tmpfile, bakfile);

And in the loop, the first operation is to copy bakfile to tmpfile:

        for (size_inc = 0; size_inc < 64 * 1024; size_inc += 1024) {
                if (copyfile(bakfile, tmpfile) < 0) {
                        printf("Can't copy %s to %s\n", bakfile, tmpfile);
                        ret = -EIO;
                        break;
                }
                ret = fit_add_file_data(params, size_inc, tmpfile);
                if (!ret || ret != -ENOSPC)
                        break;
        }

So I think that we always cipher with unciphered data.


> Signed-off-by: Patrick Oppenlander <patrick.oppenlan...@gmail.com>
> ---
> tools/image-host.c | 19 ++++++++++---------
> 1 file changed, 10 insertions(+), 9 deletions(-)
> 
> diff --git a/tools/image-host.c b/tools/image-host.c
> index 8fa1b9aba7..87ef79ef53 100644
> --- a/tools/image-host.c
> +++ b/tools/image-host.c
> @@ -399,25 +399,26 @@ int fit_image_write_cipher(void *fit, int image_noffset,
> int noffset,
> {
> int ret = -1;
> 
> - /* Remove unciphered data */
> - ret = fdt_delprop(fit, image_noffset, FIT_DATA_PROP);
> + /* add non ciphered data size */
> + ret = fdt_setprop_u32(fit, image_noffset, "data-size-unciphered", size);
> + if (ret == -FDT_ERR_NOSPACE) {
> + ret = -ENOSPC;
> + goto out;
> + }
> if (ret) {
> - printf("Can't remove data (err = %d)\n", ret);
> + printf("Can't add unciphered data size (err = %d)\n", ret);
> goto out;
> }
> 
> /* Add ciphered data */
> ret = fdt_setprop(fit, image_noffset, FIT_DATA_PROP,
> data_ciphered, data_ciphered_len);
> - if (ret) {
> - printf("Can't add ciphered data (err = %d)\n", ret);
> + if (ret == -FDT_ERR_NOSPACE) {
> + ret = -ENOSPC;
> goto out;
> }
> -
> - /* add non ciphered data size */
> - ret = fdt_setprop_u32(fit, image_noffset, "data-size-unciphered", size);
> if (ret) {
> - printf("Can't add unciphered data size (err = %d)\n", ret);
> + printf("Can't add ciphered data (err = %d)\n", ret);
> goto out;
> }
> 
> --
> 2.27.0


Regards,
Philippe

Reply via email to