summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormario.six@gdsys.cc <mario.six@gdsys.cc>2016-07-19 11:07:06 +0200
committerTom Rini <trini@konsulko.com>2016-07-22 14:46:24 -0400
commitc236ebd2fa04e872bb248c363e558961e1d138f0 (patch)
tree02ef69d3914dd3e4720db756a285d051c54c70e6
parentc9ba60c4385bfbc10dc452a8f79c6db04bf18161 (diff)
downloadu-boot-imx-c236ebd2fa04e872bb248c363e558961e1d138f0.zip
u-boot-imx-c236ebd2fa04e872bb248c363e558961e1d138f0.tar.gz
u-boot-imx-c236ebd2fa04e872bb248c363e558961e1d138f0.tar.bz2
tools: Fix return code of fit_image_process_sig()
When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc>
-rw-r--r--tools/image-host.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/tools/image-host.c b/tools/image-host.c
index 3e14fdc..399ec94 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -238,12 +238,13 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
/* Get keyname again, as FDT has changed and invalidated our pointer */
info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
- /* Write the public key into the supplied FDT file */
- if (keydest && info.algo->add_verify_data(&info, keydest)) {
- printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
- node_name, image_name);
- return -1;
- }
+ ret = info.algo->add_verify_data(&info, keydest);
+
+ /* Write the public key into the supplied FDT file; this might fail
+ * several times, since we try signing with successively increasing
+ * size values */
+ if (keydest && ret)
+ return ret;
return 0;
}