git.dujemihanovic.xyz Git - u-boot.git/commit

author	Pali Rohár <pali@kernel.org>
	Sun, 29 Jan 2023 14:00:45 +0000 (15:00 +0100)
committer	Stefan Roese <sr@denx.de>
	Wed, 1 Mar 2023 05:39:17 +0000 (06:39 +0100)
commit	9b4531f685fafeb2bb0139e323f635d3cda150f7
tree	31dcc7b74168039e69fd4a465439dcac588657d5	tree \| snapshot
parent	bf78a57e9a84ef4c882acd8c8710d364ed90730e	commit \| diff

tools: kwbimage: Fix invalid secure boot header signature

Secure boot header signature is calculated from the image header with
zeroed header checksum. Calculation is done in add_secure_header_v1()
function. So after calling this function no header member except
main_hdr->checksum can be modified. Commit 2b0980c24027 ("tools: kwbimage:
Fill the real header size into the main header") broke this requirement as
final header size started to be filled into main_hdr->headersz_* members
after the add_secure_header_v1() call.

Fix this issue by following steps:
- Split header size and image data offset into two variables (headersz and
*dataoff).
- Change image_headersz_v0() and add_binary_header_v1() functions to return
real (unaligned) header size instead of image data offset.
- On every place use correct variable (headersz or *dataoff)

After these steps variable headersz is correctly filled into the
main_hdr->headersz_* members and so overwriting them in the end of the
image_create_v1() function is not needed anymore. Remove those overwriting
which effectively reverts changes in problematic commit without affecting
value in main_hdr->headersz_* members and makes secure boot header
signature valid again.

Fixes: 2b0980c24027 ("tools: kwbimage: Fill the real header size into the main header")
Signed-off-by: Pali Rohár <pali@kernel.org>