On Sat, Jun 07, 2025 at 10:00:49AM +0200, Jonas Karlman wrote:
> Hi Mikhail,
> 
> On 2025-06-07 00:31, Mikhail Kshevetskiy wrote:
> > load_simple_fit() returns -EPERM for the images with broken signatures.
> > Unfortunately this may conflict with image loading selection on the base
> > of boot phase. See commit 873112db9ce68c38984ff25808dde726f8dd5573
> > ("spl: Support selecting images based on phase in simple FIT").
> > 
> > Thus loading of
> > 
> >     configurations {
> >             uboot {
> >                     description = "u-boot";
> >                     firmware = "atf";
> >                     loadables = "atf", "tee", "uboot";
> >             };
> >     };
> > 
> > with damaged "tee" image may finish without errors. This may result in
> > board bricking. This should not happen.
> > 
> > The simplest way to resolve the issue is returning a different error
> > code for the cases of broken signature.
> > 
> > Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevets...@iopsys.eu>
> > ---
> >  common/spl/spl_fit.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
> > index ab277bb2baa..783bb84bdb5 100644
> > --- a/common/spl/spl_fit.c
> > +++ b/common/spl/spl_fit.c
> > @@ -322,7 +322,7 @@ static int load_simple_fit(struct spl_load_info *info, 
> > ulong fit_offset,
> >                    fit_get_name(fit, node, NULL));
> >             if (!fit_image_verify_with_data(fit, node, gd_fdt_blob(), src,
> >                                             length))
> > -                   return -EPERM;
> > +                   return -EACCES;
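
Review bot: the new `return -EACCES;` after the failed fit_image_verify_with_data() check has no comment explaining why this code must differ from the -EPERM used for phase-based image selection, so a later cleanup could merge the two again and bring back the silent skip of a damaged loadable. Suggest a short comment above the return saying that a verification failure is fatal and must never share a value with the "skip this image" code. It would also help to state in the commit message which caller treats -EPERM as a skip, since that path is not visible in this hunk.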
> 
> I think a proper solution would be to fix the bad use of EPERM in the
> commit 873112db9ce6 ("spl: Support selecting images based on phase in
> simple FIT").
> 
> That commit should never have used EPERM in the first place, it should
> be reverted or its use of EPERM could be changed to something that is
> currently NOT used to block loading images that fail e.g. a signature
> check.

Instead of EPERM in the case from commit 873112db9ce6 how about
(skimming linux/errno.h):
#define EBADSLT         57      /* Invalid slot */

And use EBADSLT?

-- 
Tom
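
The error-code collision discussed in this thread, as an added example that is not U-Boot code and not from any participant: a simplified model in which a loadables loop skips images on -EPERM. All struct and function names are hypothetical, and the skip-on-EPERM behaviour of the loop is an assumption taken from the commit message's description.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed model, not U-Boot code: all names here are hypothetical. */
struct image {
	const char *name;
	int for_this_phase;	/* 0: image belongs to another boot phase */
	int sig_ok;		/* 0: signature/hash verification fails */
};

/* Load one image; sig_err is the code returned on failed verification. */
static int load_image(const struct image *img, int sig_err)
{
	if (!img->for_this_phase)
		return -EPERM;	/* "not for this phase": caller may skip */
	if (!img->sig_ok)
		return sig_err;	/* must never be mistaken for a skip */
	return 0;
}

/* Walk the loadables: -EPERM means skip, any other error is fatal. */
static int load_loadables(const struct image *imgs, size_t n, int sig_err)
{
	for (size_t i = 0; i < n; i++) {
		int ret = load_image(&imgs[i], sig_err);
		if (ret == -EPERM)
			continue;	/* fails open if sig_err is -EPERM too */
		if (ret)
			return ret;
	}
	return 0;
}

/* The thread's "atf", "tee", "uboot" list with a damaged "tee". */
static int boot_with_damaged_tee(int sig_err)
{
	const struct image imgs[] = {
		{ "atf", 1, 1 }, { "tee", 1, 0 }, { "uboot", 1, 1 },
	};
	return load_loadables(imgs, 3, sig_err);
}

int main(void)
{
	/* Exit status 0 when both cases behave as described in the thread. */
	return boot_with_damaged_tee(-EPERM) != 0 ||
	       boot_with_damaged_tee(-EACCES) != -EACCES;
}
```

With a shared code the damaged image is skipped and the loop reports success; with a distinct code the same input stops the boot. Either direction of the fix works (changing the verification code or changing the phase-skip code), as long as the two values never coincide.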
