path: root/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648
Diffstat (limited to 'meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648')
-rw-r--r--meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch75
-rw-r--r--meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch43
-rw-r--r--meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch37
-rw-r--r--meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch95
-rw-r--r--meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch49
-rw-r--r--meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch99
-rw-r--r--meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch150
7 files changed, 548 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch
new file mode 100644
index 000000000..05e9ae9c1
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch
@@ -0,0 +1,75 @@
+From 6455ab0f57e2a64f4952c6a1cefca1891d582139 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] image: Correct comment for fit_conf_get_node()
+
+This should mention that conf_uname can be NULL and should be in the
+header file. Fix this.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
+
+---
+ common/image-fit.c | 18 ------------------
+ include/image.h | 19 +++++++++++++++++++
+ 2 files changed, 19 insertions(+), 18 deletions(-)
+
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 6f920da220..f31e93a364 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -1375,24 +1375,6 @@ int fit_conf_find_compat(const void *fit, const void *fdt)
+ return best_match_offset;
+ }
+
+-/**
+- * fit_conf_get_node - get node offset for configuration of a given unit name
+- * @fit: pointer to the FIT format image header
+- * @conf_uname: configuration node unit name
+- *
+- * fit_conf_get_node() finds a configuration (within the '/configurations'
+- * parent node) of a provided unit name. If configuration is found its node
+- * offset is returned to the caller.
+- *
+- * When NULL is provided in second argument fit_conf_get_node() will search
+- * for a default configuration node instead. Default configuration node unit
+- * name is retrieved from FIT_DEFAULT_PROP property of the '/configurations'
+- * node.
+- *
+- * returns:
+- * configuration node offset when found (>=0)
+- * negative number on failure (FDT_ERR_* code)
+- */
+ int fit_conf_get_node(const void *fit, const char *conf_uname)
+ {
+ int noffset, confs_noffset;
+diff --git a/include/image.h b/include/image.h
+index a16187f874..b05e8552cc 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -908,6 +908,25 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp);
+ int fit_check_format(const void *fit);
+
+ int fit_conf_find_compat(const void *fit, const void *fdt);
++
++/**
++ * fit_conf_get_node - get node offset for configuration of a given unit name
++ * @fit: pointer to the FIT format image header
++ * @conf_uname: configuration node unit name (NULL to use default)
++ *
++ * fit_conf_get_node() finds a configuration (within the '/configurations'
++ * parent node) of a provided unit name. If configuration is found its node
++ * offset is returned to the caller.
++ *
++ * When NULL is provided in second argument fit_conf_get_node() will search
++ * for a default configuration node instead. Default configuration node unit
++ * name is retrieved from FIT_DEFAULT_PROP property of the '/configurations'
++ * node.
++ *
++ * returns:
++ * configuration node offset when found (>=0)
++ * negative number on failure (FDT_ERR_* code)
++ */
+ int fit_conf_get_node(const void *fit, const char *conf_uname);
+
+ /**
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch
new file mode 100644
index 000000000..62594c6f3
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch
@@ -0,0 +1,43 @@
+From 0373da3f0baf0f5d90e978b9f735306d06e19d24 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] image: Be a little more verbose when checking signatures
+
+It is useful to be a little more specific about what is being checked.
+Update a few messages to help with this.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
+
+---
+ common/image-fit.c | 2 +-
+ tools/image-host.c | 3 ++-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/common/image-fit.c b/common/image-fit.c
+index f31e93a364..8a7c78f4c1 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -1637,7 +1637,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
+ fit_uname = fit_get_name(fit, noffset, NULL);
+ }
+ if (noffset < 0) {
+- puts("Could not find subimage node\n");
++ printf("Could not find subimage node type '%s'\n", prop_name);
+ bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE);
+ return -ENOENT;
+ }
+diff --git a/tools/image-host.c b/tools/image-host.c
+index 7effb6cea5..01fdec276d 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -717,7 +717,8 @@ int fit_check_sign(const void *fit, const void *key)
+ if (!cfg_noffset)
+ return -1;
+
+- printf("Verifying Hash Integrity ... ");
++ printf("Verifying Hash Integrity for node '%s'... ",
++ fdt_get_name(fit, cfg_noffset, NULL));
+ ret = fit_config_verify(fit, cfg_noffset);
+ if (ret)
+ return ret;
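Review bot: In tools/image-host.c the new message passes `fdt_get_name(fit, cfg_noffset, NULL)` straight to a `%s` conversion, and that call returns NULL when the offset does not name a valid node; printing NULL through `%s` is undefined behaviour in C even though glibc happens to emit "(null)". The guard two lines above, `if (!cfg_noffset) return -1;`, is unchanged context and only rejects an offset of 0, so an invalid offset is not filtered before this line (the offset check itself is raised at the 0009 patch in this commit). Suggest binding the name first and falling back: `const char *cfg_name = fdt_get_name(fit, cfg_noffset, NULL);` then `printf("Verifying Hash Integrity for node '%s'... ", cfg_name ? cfg_name : "<invalid>");`. fit_check_sign() continues past the end of this hunk.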
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch
new file mode 100644
index 000000000..d0501ff82
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch
@@ -0,0 +1,37 @@
+From ffb95288ea143ca9f76890aebe804067bf327b68 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] image: Return an error message from fit_config_verify_sig()
+
+This function only returns an error message sometimes. Update it to always
+return an error message if one is available. This makes it easier to see
+what went wrong.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
+
+---
+ common/image-sig.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/common/image-sig.c b/common/image-sig.c
+index eda5e1353a..a664f4a409 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -415,13 +415,14 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset,
+ goto error;
+ }
+
+- return verified ? 0 : -EPERM;
++ if (verified)
++ return 0;
+
+ error:
+ printf(" error!\n%s for '%s' hash node in '%s' config node\n",
+ err_msg, fit_get_name(fit, noffset, NULL),
+ fit_get_name(fit, conf_noffset, NULL));
+- return -1;
++ return -EPERM;
+ }
+
+ int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
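Review bot: The new fall-through from `if (verified) return 0;` into the `error:` label means the failure message is now also printed when no signature verified but no explicit error branch was taken, and on that path `err_msg` still holds whatever it was initialised to at the top of fit_config_verify_sig(), which is outside this hunk; if that initial value is NULL rather than an empty string, the `%s` conversion is handed NULL. On the same path `noffset` holds the value that terminated the subnode iteration, so `fit_get_name(fit, noffset, NULL)` is unlikely to name a real hash node and may itself return NULL. Consider giving the unverified path its own text before the label, e.g. `if (!verified && !err_msg) err_msg = "No valid signature found";`, adjusted to match how err_msg is initialised. The return-code change from -1 to -EPERM is fine for callers that test non-zero, but any caller comparing against -1 would need updating.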
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch
new file mode 100644
index 000000000..1a2eba2e1
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch
@@ -0,0 +1,95 @@
+From c77be61073581f8009a9b8bf8960f5c1ad621d63 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] image: Check hash-nodes when checking configurations
+
+It is currently possible to use a different configuration's signature and
+thus bypass the configuration check. Make sure that the configuration node
+that was hashed matches the one being checked, to catch this problem.
+
+Also add a proper function comment to fit_config_check_sig() and make it
+static.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
+
+---
+ common/image-sig.c | 36 +++++++++++++++++++++++++++++++++---
+ 1 file changed, 33 insertions(+), 3 deletions(-)
+
+diff --git a/common/image-sig.c b/common/image-sig.c
+index a664f4a409..057d654c17 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -283,20 +283,39 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
+ return 0;
+ }
+
+-int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
+- char **err_msgp)
++/**
++ * fit_config_check_sig() - Check the signature of a config
++ *
++ * @fit: FIT to check
++ * @noffset: Offset of configuration node (e.g. /configurations/conf-1)
++ * @required_keynode: Offset in the control FDT of the required key node,
++ * if any. If this is given, then the configuration wil not
++ * pass verification unless that key is used. If this is
++ * -1 then any signature will do.
++ * @conf_noffset: Offset of the configuration subnode being checked (e.g.
++ * /configurations/conf-1/kernel)
++ * @err_msgp: In the event of an error, this will be pointed to a
++ * help error string to display to the user.
++ * @return 0 if all verified ok, <0 on error
++ */
++static int fit_config_check_sig(const void *fit, int noffset,
++ int required_keynode, int conf_noffset,
++ char **err_msgp)
+ {
+ char * const exc_prop[] = {"data"};
+ const char *prop, *end, *name;
+ struct image_sign_info info;
+ const uint32_t *strings;
++ const char *config_name;
+ uint8_t *fit_value;
+ int fit_value_len;
++ bool found_config;
+ int max_regions;
+ int i, prop_len;
+ char path[200];
+ int count;
+
++ config_name = fit_get_name(fit, conf_noffset, NULL);
+ debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(),
+ fit_get_name(fit, noffset, NULL),
+ fit_get_name(gd_fdt_blob(), required_keynode, NULL));
+@@ -332,9 +351,20 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
+ char *node_inc[count];
+
+ debug("Hash nodes (%d):\n", count);
++ found_config = false;
+ for (name = prop, i = 0; name < end; name += strlen(name) + 1, i++) {
+ debug(" '%s'\n", name);
+ node_inc[i] = (char *)name;
++ if (!strncmp(FIT_CONFS_PATH, name, strlen(FIT_CONFS_PATH)) &&
++ name[sizeof(FIT_CONFS_PATH) - 1] == '/' &&
++ !strcmp(name + sizeof(FIT_CONFS_PATH), config_name)) {
++ debug(" (found config node %s)", config_name);
++ found_config = true;
++ }
++ }
++ if (!found_config) {
++ *err_msgp = "Selected config not in hashed nodes";
++ return -1;
+ }
+
+ /*
+@@ -399,7 +429,7 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset,
+ if (!strncmp(name, FIT_SIG_NODENAME,
+ strlen(FIT_SIG_NODENAME))) {
+ ret = fit_config_check_sig(fit, noffset, sig_offset,
+- &err_msg);
++ conf_noffset, &err_msg);
+ if (ret) {
+ puts("- ");
+ } else {
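Review bot: The new kernel-doc for fit_config_check_sig() describes @noffset as the configuration node and @conf_noffset as a configuration subnode, but the code in this hunk uses them the other way round: `config_name = fit_get_name(fit, conf_noffset, NULL)` is matched against the `/configurations/<name>` entry in hashed-nodes, and the call site at the end of the hunk passes the iterated FIT_SIG_NODENAME subnode as `noffset` and the configuration as `conf_noffset`. Suggest `@noffset: Offset of the signature subnode being checked (e.g. /configurations/conf-1/signature-1)` and `@conf_noffset: Offset of the configuration node whose signature this is (e.g. /configurations/conf-1)`, plus `wil` → `will` in the @required_keynode text. Separately, `fit_get_name()` presumably returns NULL for a bad offset (as fdt_get_name() does), and `config_name` then reaches `strcmp()` unchecked; a guard right after the assignment, `if (!config_name) { *err_msgp = "Invalid config node"; return -1; }`, would make the new hashed-nodes check fail closed. The function body continues between and beyond the hunks of this patch.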
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch
new file mode 100644
index 000000000..460615410
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch
@@ -0,0 +1,49 @@
+From b8e5bf59f37db05fbb21832117351bd6bdda3afd Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] image: Load the correct configuration in fit_check_sign
+
+At present bootm_host_load_images() is passed the configuration that has
+been verified, but ignores it and just uses the default configuration.
+This may not be the same.
+
+Update this function to use the selected configuration.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
+
+---
+ common/bootm.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/common/bootm.c b/common/bootm.c
+index 46909ecdbb..b39fd60c8c 100644
+--- a/common/bootm.c
++++ b/common/bootm.c
+@@ -894,7 +894,8 @@ void memmove_wd(void *to, void *from, size_t len, ulong chunksz)
+ memmove(to, from, len);
+ }
+
+-static int bootm_host_load_image(const void *fit, int req_image_type)
++static int bootm_host_load_image(const void *fit, int req_image_type,
++ int cfg_noffset)
+ {
+ const char *fit_uname_config = NULL;
+ ulong data, len;
+@@ -906,6 +907,7 @@ static int bootm_host_load_image(const void *fit, int req_image_type)
+ void *load_buf;
+ int ret;
+
++ fit_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
+ memset(&images, '\0', sizeof(images));
+ images.verify = 1;
+ noffset = fit_image_load(&images, (ulong)fit,
+@@ -950,7 +952,7 @@ int bootm_host_load_images(const void *fit, int cfg_noffset)
+ for (i = 0; i < ARRAY_SIZE(image_types); i++) {
+ int ret;
+
+- ret = bootm_host_load_image(fit, image_types[i]);
++ ret = bootm_host_load_image(fit, image_types[i], cfg_noffset);
+ if (!err && ret && ret != -ENOENT)
+ err = ret;
+ }
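Review bot: In bootm_host_load_image() the new line `fit_uname_config = fdt_get_name(fit, cfg_noffset, NULL);` assigns the lookup result without checking it; fdt_get_name() returns NULL for an invalid offset, and the variable's initialiser `NULL` is exactly the value that, per the commit message, makes fit_image_load() fall back to the default configuration. So a bad offset would silently reproduce the behaviour this patch is meant to remove instead of failing. Suggest `if (!fit_uname_config) return -EINVAL;` immediately after the assignment, which the caller loop (`if (!err && ret && ret != -ENOENT)`) would then report as an error. The rest of the function, including the fit_image_load() call, lies outside this hunk.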
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch
new file mode 100644
index 000000000..4f151f84e
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch
@@ -0,0 +1,99 @@
+From ef74a120215a65d34b4c4658327049c7a7ac5bea Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] fit_check_sign: Allow selecting the configuration to verify
+
+This tool always verifies the default configuration. It is useful to be
+able to verify a specific one. Add a command-line flag for this and plumb
+the logic through.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
+
+---
+ tools/fdt_host.h | 3 ++-
+ tools/fit_check_sign.c | 8 ++++++--
+ tools/image-host.c | 6 ++++--
+ 3 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/tools/fdt_host.h b/tools/fdt_host.h
+index 134d965713..4eceab19dd 100644
+--- a/tools/fdt_host.h
++++ b/tools/fdt_host.h
+@@ -11,6 +11,7 @@
+ #include "../include/libfdt.h"
+ #include "../include/fdt_support.h"
+
+-int fit_check_sign(const void *working_fdt, const void *key);
++int fit_check_sign(const void *fit, const void *key,
++ const char *fit_uname_config);
+
+ #endif /* __FDT_HOST_H__ */
+diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
+index d9361b0095..e9a489db39 100644
+--- a/tools/fit_check_sign.c
++++ b/tools/fit_check_sign.c
+@@ -42,6 +42,7 @@ int main(int argc, char **argv)
+ void *fit_blob;
+ char *fdtfile = NULL;
+ char *keyfile = NULL;
++ char *config_name = NULL;
+ char cmdname[256];
+ int ret;
+ void *key_blob;
+@@ -49,7 +50,7 @@ int main(int argc, char **argv)
+
+ strncpy(cmdname, *argv, sizeof(cmdname) - 1);
+ cmdname[sizeof(cmdname) - 1] = '\0';
+- while ((c = getopt(argc, argv, "f:k:")) != -1)
++ while ((c = getopt(argc, argv, "f:k:c:")) != -1)
+ switch (c) {
+ case 'f':
+ fdtfile = optarg;
+@@ -57,6 +58,9 @@ int main(int argc, char **argv)
+ case 'k':
+ keyfile = optarg;
+ break;
++ case 'c':
++ config_name = optarg;
++ break;
+ default:
+ usage(cmdname);
+ break;
+@@ -79,7 +83,7 @@ int main(int argc, char **argv)
+ return EXIT_FAILURE;
+
+ image_set_host_blob(key_blob);
+- ret = fit_check_sign(fit_blob, key_blob);
++ ret = fit_check_sign(fit_blob, key_blob, config_name);
+ if (!ret) {
+ ret = EXIT_SUCCESS;
+ fprintf(stderr, "Signature check OK\n");
+diff --git a/tools/image-host.c b/tools/image-host.c
+index 01fdec276d..da374eeabf 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -708,12 +708,13 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
+ }
+
+ #ifdef CONFIG_FIT_SIGNATURE
+-int fit_check_sign(const void *fit, const void *key)
++int fit_check_sign(const void *fit, const void *key,
++ const char *fit_uname_config)
+ {
+ int cfg_noffset;
+ int ret;
+
+- cfg_noffset = fit_conf_get_node(fit, NULL);
++ cfg_noffset = fit_conf_get_node(fit, fit_uname_config);
+ if (!cfg_noffset)
+ return -1;
+
+@@ -722,6 +723,7 @@ int fit_check_sign(const void *fit, const void *key)
+ ret = fit_config_verify(fit, cfg_noffset);
+ if (ret)
+ return ret;
++ printf("Verified OK, loading images\n");
+ ret = bootm_host_load_images(fit, cfg_noffset);
+
+ return ret;
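Review bot: With the configuration now user-selectable via `-c`, the unchanged guard `if (!cfg_noffset) return -1;` following the new `cfg_noffset = fit_conf_get_node(fit, fit_uname_config);` is insufficient: fit_conf_get_node() reports failure as a negative FDT_ERR_* value (see the documentation moved by the 0001 patch in this commit), so a misspelled or missing configuration name passes the check and the negative offset reaches fdt_get_name() and fit_config_verify(). Suggest `if (cfg_noffset < 0) return -1;` so the tool reports failure rather than verifying or loading from an invalid node; the same guard appears as context in the 0002 patch. Also, the new `case 'c'` in fit_check_sign.c should presumably be reflected in usage(), which is outside the hunk.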
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
new file mode 100644
index 000000000..a04f68fb3
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch
@@ -0,0 +1,150 @@
+From dfe95ace84f7bb04b6302fd8f51f8a942a288e40 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Tue, 31 Mar 2020 18:43:55 +0200
+Subject: [PATCH] image: Use constants for 'required' and 'key-name-hint'
+
+These are used in multiple places so update them to use a shared #define.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
+
+---
+ common/image-fit.c | 6 +++---
+ common/image-sig.c | 8 +++++---
+ include/image.h | 4 +++-
+ lib/rsa/rsa-sign.c | 6 +++---
+ tools/image-host.c | 6 +++---
+ 5 files changed, 17 insertions(+), 13 deletions(-)
+
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 8a7c78f4c1..322fde728b 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -264,7 +264,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
+ uint8_t *value;
+ int value_len;
+ char *algo;
+- int required;
++ bool required;
+ int ret, i;
+
+ debug("%s %s node: '%s'\n", p, type,
+@@ -275,8 +275,8 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
+ return;
+ }
+ printf("%s", algo);
+- keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
+- required = fdt_getprop(fit, noffset, "required", NULL) != NULL;
++ keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
++ required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL;
+ if (keyname)
+ printf(":%s", keyname);
+ if (required)
+diff --git a/common/image-sig.c b/common/image-sig.c
+index 057d654c17..b497321179 100644
+--- a/common/image-sig.c
++++ b/common/image-sig.c
+@@ -156,7 +156,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
+ return -1;
+ }
+ memset(info, '\0', sizeof(*info));
+- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+ info->fit = (void *)fit;
+ info->node_offset = noffset;
+ info->algo = image_get_sig_algo(algo_name);
+@@ -264,7 +264,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
+ const char *required;
+ int ret;
+
+- required = fdt_getprop(sig_blob, noffset, "required", NULL);
++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
++ NULL);
+ if (!required || strcmp(required, "image"))
+ continue;
+ ret = fit_image_verify_sig(fit, image_noffset, data, size,
+@@ -473,7 +474,8 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
+ const char *required;
+ int ret;
+
+- required = fdt_getprop(sig_blob, noffset, "required", NULL);
++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
++ NULL);
+ if (!required || strcmp(required, "conf"))
+ continue;
+ ret = fit_config_verify_sig(fit, conf_noffset, sig_blob,
+diff --git a/include/image.h b/include/image.h
+index b05e8552cc..2c6ef4de25 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -782,12 +782,14 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
+ #define FIT_IMAGES_PATH "/images"
+ #define FIT_CONFS_PATH "/configurations"
+
+-/* hash/signature node */
++/* hash/signature/key node */
+ #define FIT_HASH_NODENAME "hash"
+ #define FIT_ALGO_PROP "algo"
+ #define FIT_VALUE_PROP "value"
+ #define FIT_IGNORE_PROP "uboot-ignore"
+ #define FIT_SIG_NODENAME "signature"
++#define FIT_KEY_REQUIRED "required"
++#define FIT_KEY_HINT "key-name-hint"
+
+ /* image node */
+ #define FIT_DATA_PROP "data"
+diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
+index 5d9716f013..972af6b8a7 100644
+--- a/lib/rsa/rsa-sign.c
++++ b/lib/rsa/rsa-sign.c
+@@ -486,8 +486,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ }
+
+ if (!ret) {
+- ret = fdt_setprop_string(keydest, node, "key-name-hint",
+- info->keyname);
++ ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT,
++ info->keyname);
+ }
+ if (!ret)
+ ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
+@@ -509,7 +509,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
+ info->algo->name);
+ }
+ if (info->require_keys) {
+- ret = fdt_setprop_string(keydest, node, "required",
++ ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED,
+ info->require_keys);
+ }
+ done:
+diff --git a/tools/image-host.c b/tools/image-host.c
+index da374eeabf..afeba22a09 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -161,7 +161,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
+
+ memset(info, '\0', sizeof(*info));
+ info->keydir = keydir;
+- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+ info->fit = fit;
+ info->node_offset = noffset;
+ info->algo = image_get_sig_algo(algo_name);
+@@ -234,7 +234,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
+ free(value);
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+
+ /* Write the public key into the supplied FDT file */
+ if (keydest && info.algo->add_verify_data(&info, keydest)) {
+@@ -605,7 +605,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
+ free(region_prop);
+
+ /* Get keyname again, as FDT has changed and invalidated our pointer */
+- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+
+ /* Write the public key into the supplied FDT file */
+ if (keydest) {
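Review bot: Now that the property names are shared constants, the property values compared against them in common/image-sig.c are still literals: `strcmp(required, "image")` and `strcmp(required, "conf")` in the two `fit_*_verify_required_sigs()` hunks, and `"rsa,num-bits"` in rsa-sign.c remains a literal next to the new FIT_KEY_HINT use. For consistency with the intent of this patch, a pair of defines beside FIT_KEY_REQUIRED in include/image.h, e.g. `#define FIT_KEY_REQUIRED_IMAGE "image"` and `#define FIT_KEY_REQUIRED_CONF "conf"`, would keep the producer (rsa-sign.c writes `info->require_keys`) and consumer sides in step. The `int required` → `bool required` change in fit_image_print_data() assumes stdbool.h is already in scope in image-fit.c, which this hunk does not show.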