The signature check of config node is broken when used on fit with padding.
We didn't see it before because this case is not covered by vboot test.
When check the signature for a config nde, u-boot uses all the properties
of the node referenced in the config node, except the property data. When
padding is used on fit, the property data is replaced by two properties:
data-offset and data-size, and u-boot uses those properties when checking
the signature. To fix this signature check, we simply ignore the properties
data-offset and data_size.
The first commit add some vboot tests that check signature on fit with
padding. The second commit fixes the signature check on config node for
fit with padding.
Philippe Reynes (2):
test/py: vboot: add a test to check fit signature on fit with padding
rsa: sig: fix config signature check for fit with padding
Changelog:
v3:
- rebase on master
v2:
- fix spelling in commit message (thanks Simon)
common/image-fit-sig.c | 2 +-
test/py/tests/test_vboot.py | 52 ++++++++++++++++++++++++++++-----------------
2 files changed, 34 insertions(+), 20 deletions(-)