diff options
Diffstat (limited to 'meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648')
7 files changed, 562 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch new file mode 100644 index 000000000..8c922f5e8 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0001-image-Correct-comment-for-fit_conf_get_node.patch @@ -0,0 +1,77 @@ +From 211549e16fa6601f9783e6e3802db9aaa3f4922e Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Correct comment for fit_conf_get_node() + +This should mention that conf_uname can be NULL and should be in the +header file. Fix this. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com> +--- + common/image-fit.c | 18 ------------------ + include/image.h | 19 +++++++++++++++++++ + 2 files changed, 19 insertions(+), 18 deletions(-) + +diff --git a/common/image-fit.c b/common/image-fit.c +index ac901e131ca1..06f3358c931c 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -1612,24 +1612,6 @@ int fit_conf_find_compat(const void *fit, const void *fdt) + return best_match_offset; + } + +-/** +- * fit_conf_get_node - get node offset for configuration of a given unit name +- * @fit: pointer to the FIT format image header +- * @conf_uname: configuration node unit name +- * +- * fit_conf_get_node() finds a configuration (within the '/configurations' +- * parent node) of a provided unit name. If configuration is found its node +- * offset is returned to the caller. +- * +- * When NULL is provided in second argument fit_conf_get_node() will search +- * for a default configuration node instead. Default configuration node unit +- * name is retrieved from FIT_DEFAULT_PROP property of the '/configurations' +- * node. +- * +- * returns: +- * configuration node offset when found (>=0) +- * negative number on failure (FDT_ERR_* code) +- */ + int fit_conf_get_node(const void *fit, const char *conf_uname) + { + int noffset, confs_noffset; +diff --git a/include/image.h b/include/image.h +index 765ffecee0a7..4b764d11c70d 100644 +--- a/include/image.h ++++ b/include/image.h +@@ -1045,6 +1045,25 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp); + int fit_check_format(const void *fit); + + int fit_conf_find_compat(const void *fit, const void *fdt); ++ ++/** ++ * fit_conf_get_node - get node offset for configuration of a given unit name ++ * @fit: pointer to the FIT format image header ++ * @conf_uname: configuration node unit name (NULL to use default) ++ * ++ * fit_conf_get_node() finds a configuration (within the '/configurations' ++ * parent node) of a provided unit name. If configuration is found its node ++ * offset is returned to the caller. ++ * ++ * When NULL is provided in second argument fit_conf_get_node() will search ++ * for a default configuration node instead. Default configuration node unit ++ * name is retrieved from FIT_DEFAULT_PROP property of the '/configurations' ++ * node. ++ * ++ * returns: ++ * configuration node offset when found (>=0) ++ * negative number on failure (FDT_ERR_* code) ++ */ + int fit_conf_get_node(const void *fit, const char *conf_uname); + + /** +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch new file mode 100644 index 000000000..230a7bb0a --- /dev/null +++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0002-image-Be-a-little-more-verbose-when-checking-signatu.patch @@ -0,0 +1,45 @@ +From 63c22eddb8fba1b6ffb845765e91587e998e470e Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Be a little more verbose when checking signatures + +It is useful to be a little more specific about what is being checked. +Update a few messages to help with this. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com> +--- + common/image-fit.c | 2 +- + tools/image-host.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/common/image-fit.c b/common/image-fit.c +index 06f3358c931c..58923cbc9371 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -1850,7 +1850,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr, + fit_uname = fit_get_name(fit, noffset, NULL); + } + if (noffset < 0) { +- puts("Could not find subimage node\n"); ++ printf("Could not find subimage node type '%s'\n", prop_name); + bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE); + return -ENOENT; + } +diff --git a/tools/image-host.c b/tools/image-host.c +index 88b329502ca3..8e94ee8f3e31 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -743,7 +743,8 @@ int fit_check_sign(const void *fit, const void *key) + if (!cfg_noffset) + return -1; + +- printf("Verifying Hash Integrity ... "); ++ printf("Verifying Hash Integrity for node '%s'... ", ++ fdt_get_name(fit, cfg_noffset, NULL)); + ret = fit_config_verify(fit, cfg_noffset); + if (ret) + return ret; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch new file mode 100644 index 000000000..5f82abeda --- /dev/null +++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch @@ -0,0 +1,39 @@ +From 2fa27334977ba688f17edb6b66c8eb355d4a53a5 Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Return an error message from fit_config_verify_sig() + +This function only returns an error message sometimes. Update it to always +return an error message if one is available. This makes it easier to see +what went wrong. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com> +--- + common/image-sig.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/common/image-sig.c b/common/image-sig.c +index 4f6b4ec412c3..48c89f930276 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -470,13 +470,14 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset, + goto error; + } + +- return verified ? 0 : -EPERM; ++ if (verified) ++ return 0; + + error: + printf(" error!\n%s for '%s' hash node in '%s' config node\n", + err_msg, fit_get_name(fit, noffset, NULL), + fit_get_name(fit, conf_noffset, NULL)); +- return -1; ++ return -EPERM; + } + + int fit_config_verify_required_sigs(const void *fit, int conf_noffset, +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch new file mode 100644 index 000000000..9dd5e6668 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0007-image-Check-hash-nodes-when-checking-configurations.patch @@ -0,0 +1,97 @@ +From c7c1af4f9996986f05ced17694b68a575eda328e Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Check hash-nodes when checking configurations + +It is currently possible to use a different configuration's signature and +thus bypass the configuration check. Make sure that the configuration node +that was hashed matches the one being checked, to catch this problem. + +Also add a proper function comment to fit_config_check_sig() and make it +static. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com> +--- + common/image-sig.c | 36 +++++++++++++++++++++++++++++++++--- + 1 file changed, 33 insertions(+), 3 deletions(-) + +diff --git a/common/image-sig.c b/common/image-sig.c +index 48c89f930276..4526c82acf75 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -330,20 +330,39 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, + return 0; + } + +-int fit_config_check_sig(const void *fit, int noffset, int required_keynode, +- char **err_msgp) ++/** ++ * fit_config_check_sig() - Check the signature of a config ++ * ++ * @fit: FIT to check ++ * @noffset: Offset of configuration node (e.g. /configurations/conf-1) ++ * @required_keynode: Offset in the control FDT of the required key node, ++ * if any. If this is given, then the configuration wil not ++ * pass verification unless that key is used. If this is ++ * -1 then any signature will do. ++ * @conf_noffset: Offset of the configuration subnode being checked (e.g. ++ * /configurations/conf-1/kernel) ++ * @err_msgp: In the event of an error, this will be pointed to a ++ * help error string to display to the user. ++ * @return 0 if all verified ok, <0 on error ++ */ ++static int fit_config_check_sig(const void *fit, int noffset, ++ int required_keynode, int conf_noffset, ++ char **err_msgp) + { + char * const exc_prop[] = {"data"}; + const char *prop, *end, *name; + struct image_sign_info info; + const uint32_t *strings; ++ const char *config_name; + uint8_t *fit_value; + int fit_value_len; ++ bool found_config; + int max_regions; + int i, prop_len; + char path[200]; + int count; + ++ config_name = fit_get_name(fit, conf_noffset, NULL); + debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(), + fit_get_name(fit, noffset, NULL), + fit_get_name(gd_fdt_blob(), required_keynode, NULL)); +@@ -384,9 +403,20 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode, + char *node_inc[count]; + + debug("Hash nodes (%d):\n", count); ++ found_config = false; + for (name = prop, i = 0; name < end; name += strlen(name) + 1, i++) { + debug(" '%s'\n", name); + node_inc[i] = (char *)name; ++ if (!strncmp(FIT_CONFS_PATH, name, strlen(FIT_CONFS_PATH)) && ++ name[sizeof(FIT_CONFS_PATH) - 1] == '/' && ++ !strcmp(name + sizeof(FIT_CONFS_PATH), config_name)) { ++ debug(" (found config node %s)", config_name); ++ found_config = true; ++ } ++ } ++ if (!found_config) { ++ *err_msgp = "Selected config not in hashed nodes"; ++ return -1; + } + + /* +@@ -454,7 +484,7 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset, + if (!strncmp(name, FIT_SIG_NODENAME, + strlen(FIT_SIG_NODENAME))) { + ret = fit_config_check_sig(fit, noffset, sig_offset, +- &err_msg); ++ conf_noffset, &err_msg); + if (ret) { + puts("- "); + } else { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch new file mode 100644 index 000000000..9a6b64b06 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0008-image-Load-the-correct-configuration-in-fit_check_si.patch @@ -0,0 +1,51 @@ +From 0b274994cc0fe1631c27837a4e4c546b37d7dc77 Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Load the correct configuration in fit_check_sign + +At present bootm_host_load_images() is passed the configuration that has +been verified, but ignores it and just uses the default configuration. +This may not be the same. + +Update this function to use the selected configuration. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com> +--- + common/bootm.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/common/bootm.c b/common/bootm.c +index 3adbceaa38e3..29091be0a1c8 100644 +--- a/common/bootm.c ++++ b/common/bootm.c +@@ -929,7 +929,8 @@ void memmove_wd(void *to, void *from, size_t len, ulong chunksz) + memmove(to, from, len); + } + +-static int bootm_host_load_image(const void *fit, int req_image_type) ++static int bootm_host_load_image(const void *fit, int req_image_type, ++ int cfg_noffset) + { + const char *fit_uname_config = NULL; + ulong data, len; +@@ -941,6 +942,7 @@ static int bootm_host_load_image(const void *fit, int req_image_type) + void *load_buf; + int ret; + ++ fit_uname_config = fdt_get_name(fit, cfg_noffset, NULL); + memset(&images, '\0', sizeof(images)); + images.verify = 1; + noffset = fit_image_load(&images, (ulong)fit, +@@ -985,7 +987,7 @@ int bootm_host_load_images(const void *fit, int cfg_noffset) + for (i = 0; i < ARRAY_SIZE(image_types); i++) { + int ret; + +- ret = bootm_host_load_image(fit, image_types[i]); ++ ret = bootm_host_load_image(fit, image_types[i], cfg_noffset); + if (!err && ret && ret != -ENOENT) + err = ret; + } +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch new file mode 100644 index 000000000..3094e7ecc --- /dev/null +++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch @@ -0,0 +1,101 @@ +From 77b652268cacc0f114ba9e92b79e7ff372ec62ee Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] fit_check_sign: Allow selecting the configuration to verify + +This tool always verifies the default configuration. It is useful to be +able to verify a specific one. Add a command-line flag for this and plumb +the logic through. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com> +--- + tools/fdt_host.h | 3 ++- + tools/fit_check_sign.c | 8 ++++++-- + tools/image-host.c | 6 ++++-- + 3 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/tools/fdt_host.h b/tools/fdt_host.h +index 99b009b22109..15c07c7a96ed 100644 +--- a/tools/fdt_host.h ++++ b/tools/fdt_host.h +@@ -27,6 +27,7 @@ + */ + int fdt_remove_unused_strings(const void *old, void *new); + +-int fit_check_sign(const void *working_fdt, const void *key); ++int fit_check_sign(const void *fit, const void *key, ++ const char *fit_uname_config); + + #endif /* __FDT_HOST_H__ */ +diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c +index 62adc751cbce..303e878ddb4d 100644 +--- a/tools/fit_check_sign.c ++++ b/tools/fit_check_sign.c +@@ -41,6 +41,7 @@ int main(int argc, char **argv) + void *fit_blob; + char *fdtfile = NULL; + char *keyfile = NULL; ++ char *config_name = NULL; + char cmdname[256]; + int ret; + void *key_blob; +@@ -48,7 +49,7 @@ int main(int argc, char **argv) + + strncpy(cmdname, *argv, sizeof(cmdname) - 1); + cmdname[sizeof(cmdname) - 1] = '\0'; +- while ((c = getopt(argc, argv, "f:k:")) != -1) ++ while ((c = getopt(argc, argv, "f:k:c:")) != -1) + switch (c) { + case 'f': + fdtfile = optarg; +@@ -56,6 +57,9 @@ int main(int argc, char **argv) + case 'k': + keyfile = optarg; + break; ++ case 'c': ++ config_name = optarg; ++ break; + default: + usage(cmdname); + break; +@@ -78,7 +82,7 @@ int main(int argc, char **argv) + return EXIT_FAILURE; + + image_set_host_blob(key_blob); +- ret = fit_check_sign(fit_blob, key_blob); ++ ret = fit_check_sign(fit_blob, key_blob, config_name); + if (!ret) { + ret = EXIT_SUCCESS; + fprintf(stderr, "Signature check OK\n"); +diff --git a/tools/image-host.c b/tools/image-host.c +index 8e94ee8f3e31..28474bc7fc8b 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -734,12 +734,13 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, + } + + #ifdef CONFIG_FIT_SIGNATURE +-int fit_check_sign(const void *fit, const void *key) ++int fit_check_sign(const void *fit, const void *key, ++ const char *fit_uname_config) + { + int cfg_noffset; + int ret; + +- cfg_noffset = fit_conf_get_node(fit, NULL); ++ cfg_noffset = fit_conf_get_node(fit, fit_uname_config); + if (!cfg_noffset) + return -1; + +@@ -748,6 +749,7 @@ int fit_check_sign(const void *fit, const void *key) + ret = fit_config_verify(fit, cfg_noffset); + if (ret) + return ret; ++ printf("Verified OK, loading images\n"); + ret = bootm_host_load_images(fit, cfg_noffset); + + return ret; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch new file mode 100644 index 000000000..6cdaaa656 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0012-image-Use-constants-for-required-and-key-name-hint.patch @@ -0,0 +1,152 @@ +From b7249b8a036200cd461d0676a330b865f7309231 Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Use constants for 'required' and 'key-name-hint' + +These are used in multiple places so update them to use a shared #define. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com> +--- + common/image-fit.c | 6 +++--- + common/image-sig.c | 8 +++++--- + include/image.h | 4 +++- + lib/rsa/rsa-sign.c | 6 +++--- + tools/image-host.c | 6 +++--- + 5 files changed, 17 insertions(+), 13 deletions(-) + +diff --git a/common/image-fit.c b/common/image-fit.c +index 58923cbc9371..b2f41ba408be 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -166,7 +166,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p, + int value_len; + char *algo; + const char *padding; +- int required; ++ bool required; + int ret, i; + + debug("%s %s node: '%s'\n", p, type, +@@ -177,8 +177,8 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p, + return; + } + printf("%s", algo); +- keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); +- required = fdt_getprop(fit, noffset, "required", NULL) != NULL; ++ keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); ++ required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL; + if (keyname) + printf(":%s", keyname); + if (required) +diff --git a/common/image-sig.c b/common/image-sig.c +index 4526c82acf75..e0987af4f5e8 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -200,7 +200,7 @@ static int fit_image_setup_verify(struct image_sign_info *info, + padding_name = RSA_DEFAULT_PADDING_NAME; + + memset(info, '\0', sizeof(*info)); +- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); ++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); + info->fit = (void *)fit; + info->node_offset = noffset; + info->name = algo_name; +@@ -311,7 +311,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, + const char *required; + int ret; + +- required = fdt_getprop(sig_blob, noffset, "required", NULL); ++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED, ++ NULL); + if (!required || strcmp(required, "image")) + continue; + ret = fit_image_verify_sig(fit, image_noffset, data, size, +@@ -528,7 +529,8 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset, + const char *required; + int ret; + +- required = fdt_getprop(sig_blob, noffset, "required", NULL); ++ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED, ++ NULL); + if (!required || strcmp(required, "conf")) + continue; + ret = fit_config_verify_sig(fit, conf_noffset, sig_blob, +diff --git a/include/image.h b/include/image.h +index 4b764d11c70d..afb9bea17c34 100644 +--- a/include/image.h ++++ b/include/image.h +@@ -903,12 +903,14 @@ int booti_setup(ulong image, ulong *relocated_addr, ulong *size, + #define FIT_IMAGES_PATH "/images" + #define FIT_CONFS_PATH "/configurations" + +-/* hash/signature node */ ++/* hash/signature/key node */ + #define FIT_HASH_NODENAME "hash" + #define FIT_ALGO_PROP "algo" + #define FIT_VALUE_PROP "value" + #define FIT_IGNORE_PROP "uboot-ignore" + #define FIT_SIG_NODENAME "signature" ++#define FIT_KEY_REQUIRED "required" ++#define FIT_KEY_HINT "key-name-hint" + + /* image node */ + #define FIT_DATA_PROP "data" +diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c +index fb5e07b56d8a..5f0f27d2f6f9 100644 +--- a/lib/rsa/rsa-sign.c ++++ b/lib/rsa/rsa-sign.c +@@ -773,8 +773,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) + } + + if (!ret) { +- ret = fdt_setprop_string(keydest, node, "key-name-hint", +- info->keyname); ++ ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT, ++ info->keyname); + } + if (!ret) + ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits); +@@ -796,7 +796,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) + info->name); + } + if (!ret && info->require_keys) { +- ret = fdt_setprop_string(keydest, node, "required", ++ ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED, + info->require_keys); + } + done: +diff --git a/tools/image-host.c b/tools/image-host.c +index 28474bc7fc8b..3396d8234e52 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -170,7 +170,7 @@ static int fit_image_setup_sig(struct image_sign_info *info, + + memset(info, '\0', sizeof(*info)); + info->keydir = keydir; +- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); ++ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); + info->fit = fit; + info->node_offset = noffset; + info->name = strdup(algo_name); +@@ -249,7 +249,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest, + free(value); + + /* Get keyname again, as FDT has changed and invalidated our pointer */ +- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); ++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); + + /* + * Write the public key into the supplied FDT file; this might fail +@@ -630,7 +630,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, + free(region_prop); + + /* Get keyname again, as FDT has changed and invalidated our pointer */ +- info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); ++ info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL); + + /* Write the public key into the supplied FDT file */ + if (keydest) { +-- +2.17.1 + |