]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
mkimage: fit: don't cipher ciphered data
authorPatrick Oppenlander <patrick.oppenlander@gmail.com>
Thu, 30 Jul 2020 04:22:15 +0000 (14:22 +1000)
committerTom Rini <trini@konsulko.com>
Fri, 7 Aug 2020 15:47:18 +0000 (11:47 -0400)
Previously, mkimage -F could be run multiple times causing already
ciphered image data to be ciphered again.

Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
tools/image-host.c

index b4603c5f01a802134c81921d1b24034a0e458672..e5417beee529df809d23bfe0b3e1064d56379a78 100644 (file)
@@ -482,7 +482,7 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
        const char *image_name;
        const void *data;
        size_t size;
-       int cipher_node_offset;
+       int cipher_node_offset, len;
 
        /* Get image name */
        image_name = fit_get_name(fit, image_noffset, NULL);
@@ -497,6 +497,19 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
                return -1;
        }
 
+       /*
+        * Don't cipher ciphered data.
+        *
+        * If the data-size-unciphered property is present the data for this
+        * image is already encrypted. This is important as 'mkimage -F' can be
+        * run multiple times on a FIT image.
+        */
+       if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len))
+               return 0;
+       if (len != -FDT_ERR_NOTFOUND) {
+               printf("Failure testing for data-size-unciphered\n");
+               return -1;
+       }
 
        /* Process cipher node if present */
        cipher_node_offset = fdt_subnode_offset(fit, image_noffset,