Hi there, I have a FIT image that boots fine, but when I sign it, with the following command, it fails to boot:
mkimage -k keys -r -o sha256,rsa2048 -F image.fit It fails while checking sha256, Bad hash value for 'hash' hash node in ... I get similar error when I test it on my host: tools/fit_check_sign -f image.fit -k u-boot-spl.dtb After debugging, I found that after signing the image, data gets imbedded into images structure with data = <...> field, but data-offset, data-size fields (used for external reference) are not removed, and that's why when verifying the signatures fit_image_get_data_and_size() function gets confused when finds data-offset settings and calculates sha256 on the wrong data. I checked my other projects, with older version of uboot, and I can confirm that there after signing a FIT image data-offset, data-size fields got removed and data field appeared with data. I am experiencing the issue with the recent head of the mater branch of u-boot. Did I miss something or is it a bug? Cheers, Andy
