mkimage: fit: Fix signing of configs with external data

Just like we exclude data-size, data-position, and data-offset from
fit_config_check_sig, we must exclude them while signing as well.

While we're at it, use the FIT_DATA_* defines for fit_config_check_sig
as welll.

Fixes: 8edecd3110e ("fit: Fix verification of images with external data")
Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index a461d591a0ef92a2b38c07b9b739199f0fbb7e68..12369896fe3f614b5dedbec793a54831562a5d1c 100644 (file)
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -260,10 +260,10 @@ static int fit_config_check_sig(const void *fit, int noffset, int conf_noffset,
                                char **err_msgp)
 {
        static char * const exc_prop[] = {
-               "data",
-               "data-size",
-               "data-position",
-               "data-offset"
+               FIT_DATA_PROP,
+               FIT_DATA_SIZE_PROP,
+               FIT_DATA_POSITION_PROP,
+               FIT_DATA_OFFSET_PROP,
        };
 
        const char *prop, *end, *name;

diff --git a/tools/image-host.c b/tools/image-host.c
index 0bf18df50e762fda93a6f92fdb4b0a567fc2b19d..4e0512be6340f47bc9fdb701dcb619da48f436ec 100644 (file)
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -915,7 +915,12 @@ static int fit_config_get_regions(const void *fit, int conf_noffset,
                                  int *region_countp, char **region_propp,
                                  int *region_proplen)
 {
-       char * const exc_prop[] = {"data"};
+       char * const exc_prop[] = {
+               FIT_DATA_PROP,
+               FIT_DATA_SIZE_PROP,
+               FIT_DATA_POSITION_PROP,
+               FIT_DATA_OFFSET_PROP,
+       };
        struct strlist node_inc;
        struct image_region *region;
        struct fdt_region fdt_regions[100];