diff options
| author | Pali Rohár <[email protected]> | 2023-01-29 15:00:45 +0100 |
|---|---|---|
| committer | Stefan Roese <[email protected]> | 2023-03-01 06:39:17 +0100 |
| commit | 9b4531f685fafeb2bb0139e323f635d3cda150f7 (patch) | |
| tree | 31dcc7b74168039e69fd4a465439dcac588657d5 /scripts/cleanpatch | |
| parent | bf78a57e9a84ef4c882acd8c8710d364ed90730e (diff) | |
tools: kwbimage: Fix invalid secure boot header signature
Secure boot header signature is calculated from the image header with
zeroed header checksum. Calculation is done in add_secure_header_v1()
function. So after calling this function no header member except
main_hdr->checksum can be modified. Commit 2b0980c24027 ("tools: kwbimage:
Fill the real header size into the main header") broke this requirement as
final header size started to be filled into main_hdr->headersz_* members
after the add_secure_header_v1() call.
Fix this issue by following steps:
- Split header size and image data offset into two variables (headersz and
*dataoff).
- Change image_headersz_v0() and add_binary_header_v1() functions to return
real (unaligned) header size instead of image data offset.
- On every place use correct variable (headersz or *dataoff)
After these steps variable headersz is correctly filled into the
main_hdr->headersz_* members and so overwriting them in the end of the
image_create_v1() function is not needed anymore. Remove those overwriting
which effectively reverts changes in problematic commit without affecting
value in main_hdr->headersz_* members and makes secure boot header
signature valid again.
Fixes: 2b0980c24027 ("tools: kwbimage: Fill the real header size into the main header")
Signed-off-by: Pali Rohár <[email protected]>
Diffstat (limited to 'scripts/cleanpatch')
0 files changed, 0 insertions, 0 deletions