molejar/pyFDT

Signed images are corrupted by reading in and writing out

MartinBonner opened this issue · 2 comments

Given a signed FIT configuration created by mkimage, if you read it in with pyFDT and then write it out again (no changes), the signature will no longer validate.

The reason is that mkimage chooses a rather strange order to write out the strings at the end of the itb/dtb, and these strings are included in the data that is signed.

I have a fix which involves reading the strings buffer out of the original file, and passing this into FDT.write_dtb as an initial value of the strings buffer for the output. The disadvantage of using this is that if a string is no longer used in the output file, it will still be written to the output file. There is actually no way to avoid this if the string data is part of the signed data.

This is a rather esoteric use case, and it may be reasonable to WONTFIX the issue.

I don't have experience with signed DTB images, but I accepted your elegant fix because the added functionality is fully optional and doesn't break the API. Thanks.
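The effect described in this issue, as an added example that is not part of the thread or of pyFDT: a minimal flattened-device-tree writer built with `struct`, showing that rewriting the same properties changes the strings block unless the original buffer seeds the output, and that a seeded buffer keeps strings that are no longer referenced. The helper names, the property values and the SHA-256 digest used as a stand-in for signature verification are assumptions, and the sample data is constructed.

```python
import hashlib
import struct

FDT_MAGIC = 0xD00DFEED
BEGIN_NODE, END_NODE, PROP, END = 1, 2, 3, 9  # structure-block tokens

def pad4(b):
    return b + b"\0" * (-len(b) % 4)

def build_dtb(props, strings=b""):
    """Serialise one root node; `strings` seeds the strings block."""
    body = struct.pack(">I", BEGIN_NODE) + pad4(b"\0")  # root node, empty name
    for name, value in props:
        key = name.encode() + b"\0"
        off = strings.find(key)        # reuse a name already in the buffer
        if off < 0:                    # otherwise append, like a plain writer
            off, strings = len(strings), strings + key
        body += struct.pack(">III", PROP, len(value), off) + pad4(value)
    body += struct.pack(">II", END_NODE, END)
    off_struct = 40 + 16               # header + empty memory reservation map
    off_strings = off_struct + len(body)
    header = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings),
                         off_struct, off_strings, 40, 17, 16, 0,
                         len(strings), len(body))
    return header + b"\0" * 16 + body + strings

def strings_block(dtb):
    """Return the strings block located through the FDT header."""
    if len(dtb) < 40:
        raise ValueError("too short for an FDT header")
    fields = struct.unpack_from(">10I", dtb)
    off, size = fields[3], fields[8]   # off_dt_strings, size_dt_strings
    if fields[0] != FDT_MAGIC or off + size > len(dtb):
        raise ValueError("not a valid FDT blob")
    return dtb[off:off + size]

def digest(dtb):
    # Stand-in for verification: the signed data includes the strings block.
    return hashlib.sha256(strings_block(dtb)).hexdigest()

# Constructed sample: the "original" tool wrote names in an unusual order.
PROPS = [("data", b"\x01\x02\x03\x04"), ("algo", b"sha256\0"), ("value", b"\xaa")]
ORIGINAL = build_dtb(PROPS, b"value\0algo\0data\0")
NAIVE = build_dtb(PROPS)                              # plain read/write round trip
SEEDED = build_dtb(PROPS, strings_block(ORIGINAL))    # the approach in the fix
PRUNED = build_dtb(PROPS[:1], strings_block(ORIGINAL))  # two properties dropped

if __name__ == "__main__":
    for label, blob in [("original", ORIGINAL), ("naive", NAIVE), ("seeded", SEEDED)]:
        print(label, strings_block(blob), digest(blob)[:16])
```

Comparing the strings block of a blob before and after a round trip is a quick pre-check before running full signature verification on the rewritten image.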