path: root/doc/develop/security.rst
author: Simon Glass <[email protected]> 2026-03-05 18:20:09 -0700
committer: Tom Rini <[email protected]> 2026-03-09 09:49:50 -0600
commit: 2092322b31cc8b1f8c9e2e238d1043ae0637b241 (patch)
tree: 4fc75ff4ae16fc2727d1c445370c43baddafde90 /doc/develop/security.rst
parent: 532a4804e965f001db6aec9ffc2ce0639eb3cf25 (diff)

boot: Add fit_config_get_hash_list() to build signed node list

The hashed-nodes property in a FIT signature node lists which FDT paths are included in the signature hash. It is intended as a hint so should not be used for verification.

Add a function to build the node list from scratch by iterating the configuration's image references. Skip properties known not to be image references. For each image, collect the path plus all hash and cipher subnodes.

Use the new function in fit_config_check_sig() instead of reading 'hashed-nodes'.

Update the test_vboot kernel@ test case: fit_check_sign now catches the attack at signature-verification time (the @-suffixed node is hashed instead of the real one, causing a mismatch) rather than at fit_check_format() time.

Update the docs to cover this. The FIT spec can be updated separately.

Signed-off-by: Simon Glass <[email protected]>
Closes: https://lore.kernel.org/u-boot/[email protected]/
Reported-by: Apple Security Engineering and Architecture (SEAR)
Tested-by: Tom Rini <[email protected]>

Diffstat (limited to 'doc/develop/security.rst')
0 files changed, 0 insertions, 0 deletions
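
The approach the commit message describes, sketched as an added Python example; it is not the U-Boot C code and not part of this commit. The dict model of a FIT, the names `config_hash_list` and `hint_gaps`, the skip list and the sample data are all assumptions made for illustration, and only the per-image collection named in the message is covered.

```python
# Added illustration, not U-Boot's C code. A FIT is modelled as nested dicts:
# dict values are subnodes, str/list/bytes values are properties.

# Assumption: config properties that never name an image (the real skip list
# is in the U-Boot source, not on this page).
NON_IMAGE_PROPS = {"description", "compatible"}

def config_hash_list(fit, conf_name):
    """Derive the image paths to hash from the config's own references,
    never from the stored 'hashed-nodes' hint."""
    conf = fit["configurations"][conf_name]
    paths = []
    for prop, value in conf.items():
        if isinstance(value, dict) or prop in NON_IMAGE_PROPS:
            continue  # subnode such as the signature, or a known non-reference
        for name in (value if isinstance(value, list) else [value]):
            image = fit["images"].get(name)
            if image is None:
                raise ValueError(f"{prop} references missing image {name!r}")
            path = f"/images/{name}"
            if path in paths:
                continue  # same image referenced by two properties
            paths.append(path)
            paths += [f"{path}/{sub}" for sub, node in image.items()
                      if isinstance(node, dict) and sub.startswith(("hash", "cipher"))]
    return paths

def hint_gaps(fit, conf_name):
    """Paths that verification must cover but the stored hint does not list."""
    hint = fit["configurations"][conf_name]["signature"].get("hashed-nodes", [])
    return [p for p in config_hash_list(fit, conf_name) if p not in hint]

# Constructed sample: the stored hint names only the kernel.
SAMPLE_FIT = {
    "images": {
        "kernel": {"data": b"\x00", "hash-1": {"algo": "sha256"}},
        "fdt-1": {"data": b"\x00", "hash-1": {"algo": "sha256"},
                  "cipher": {"algo": "aes256"}},
        "ramdisk": {"data": b"\x00", "hash-1": {"algo": "sha256"}},
    },
    "configurations": {"conf-1": {
        "description": "constructed sample",
        "kernel": "kernel", "fdt": "fdt-1", "loadables": ["ramdisk"],
        "signature": {"hashed-nodes": ["/images/kernel", "/images/kernel/hash-1"]},
    }},
}

if __name__ == "__main__":
    print(config_hash_list(SAMPLE_FIT, "conf-1"))
    print(hint_gaps(SAMPLE_FIT, "conf-1"))
```
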