tools: kwbimage: Fix generating secure boot data image signature

Secure boot data image signature is calculated from the data image without trailing 4-bit checksum. Commit 37cb9c15d70d ("tools: kwbimage: Simplify aligning and calculating checksum") unintentionally broke this calculation when it increased payloadsz variable by 4 bytes which was propagated also into the add_secure_header_v1() function. Fix this issue by decreasing size of buffer by 4 bytes from which is calculated secure boot data image signature. Fixes: 37cb9c15d70d ("tools: kwbimage: Simplify aligning and calculating checksum") Signed-off-by: Pali Rohár <pali@kernel.org>
author: Pali Rohár <pali@kernel.org> 2023-01-29 14:33:36 +0100
committer: Stefan Roese <sr@denx.de> 2023-03-01 06:39:17 +0100
commit: bf78a57e9a84ef4c882acd8c8710d364ed90730e (patch)
tree: a18ae6db99c2e7933715c44e271d803d30e20599 /tools/kwbimage.c
parent: 39c78724f4e79227f0c4a13bd95ca44474204a07 (diff)
download: u-boot-bf78a57e9a84ef4c882acd8c8710d364ed90730e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index b32f845b7e..a8a59c154b 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1355,7 +1355,7 @@ static int add_secure_header_v1(struct image_tool_params *params, uint8_t *image
 	if (kwb_sign_csk_with_kak(params, secure_hdr, csk))
 		return 1;
 
-	if (kwb_sign_and_verify(csk, image_ptr, image_size,
+	if (kwb_sign_and_verify(csk, image_ptr, image_size - 4,
 				&secure_hdr->imgsig, "image") < 0)
 		return 1;
author	Pali Rohár <pali@kernel.org>	2023-01-29 14:33:36 +0100
committer	Stefan Roese <sr@denx.de>	2023-03-01 06:39:17 +0100
commit	bf78a57e9a84ef4c882acd8c8710d364ed90730e (patch)
tree	a18ae6db99c2e7933715c44e271d803d30e20599 /tools/kwbimage.c
parent	39c78724f4e79227f0c4a13bd95ca44474204a07 (diff)
download	u-boot-bf78a57e9a84ef4c882acd8c8710d364ed90730e.tar.gz