Hi,
i want to propose the following patch to bootm.c.
If you want to use FIT Images and HAB together you always get this on bootm:
Not valid image format for Authentication, Please check
This is because there is no case for FIT Images in the switch statement.
I tested the patch below and was able to boot a HAB signed FIT Image without problems.
diff --git "a/cmd/bootm.c" "b/cmd/bootm.c"
index 03ea3b8998..47122e50cc 100644
--- "a/cmd/bootm.c"
+++ "b/cmd/bootm.c"
@@ -176,6 +176,15 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
case IMAGE_FORMAT_ANDROID:
/* Do this authentication in boota command */
break;
+#endif
+#ifdef CONFIG_FIT
+ case IMAGE_FORMAT_FIT:
+ if (authenticate_image(image_load_addr,
+ image_get_image_size((image_header_t *)image_load_addr)) != 0) {
+ printf("Authenticate FIT image Fail, Please check\n");
+ return 1;
+ }
+ break;
#endif
default:
printf("Not valid image format for Authentication, Please check\n");
Thanks,
Thomas
I'd like to ask you a question. Do we need special processing when adding digital signatures to fitimage, or is it the same as the official guidance (zimage/image)? Do we need to do something special with the.its file that generates fitimage?
The patch actually requires to read the image size with the function fit_get_size() from the image header, because the image headers of FIT images differ. For me the first patch only worked by chance and I could fix it by exchanging the function.
Here is the diff:
diff --git a/cmd/bootm.c b/cmd/bootm.c
index bed84bd735..6fcd17eaf5 100644
--- a/cmd/bootm.c
+++ b/cmd/bootm.c
@@ -175,7 +175,7 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
#ifdef CONFIG_FIT
case IMAGE_FORMAT_FIT:
if (authenticate_image(load_addr,
- image_get_image_size((image_header_t *)load_addr)) != 0) {
+ fit_get_size((void *)load_addr)) != 0) {
printf("Authenticate FIT image Fail, Please check\n");
return 1;
}
Thx everyone for the replies and kudos.
Meanwhile i'm using U-Boot Mainline, so you will get no more updates from me.
To be sure to use the correct address and size my code is like that now:
uint32_t fileaddr = env_get_hex("fileaddr", 0);
uint32_t filesize = env_get_hex("filesize", 0);
uint32_t ivt_offset = filesize - CONFIG_CSF_SIZE;imx_hab_authenticate_image(fileaddr, filesize, ivt_offset);
fileaddr and filesize is set on all load operations as far I can see.
Hi @tmuthmann
Your solution helped me a lot. After using your patch I was able to boot HAB signed fitImage.
But when I rebuild my images and disabled Mender it was not working for me. After some investigation I think that
the image_get_image_size is picking bytes 12..15 as size of the image which is a little less than the image size in bytes 4..7 which seems to be more correct. In some cases this made authenticate_image() not be able to find the IVT structure and verification failed.
So, it did not depend on Mender but the size of the fitImage, so maybe you can get into the same problem when rebuilding your images.
Regards,
Jonny
Is this already implemented somewhere by NXP? We are running into the same problem with v2020.04_5.4.24_2.1.0. I think it's rather strange NXP does not see this as a valid usecase.
Anyway, Thanks for the patch