fit: Fix verification of images with external data The "-E" option to mkimage generates a FIT with external data using the data-size and data-offset properties which must both be ignored when verifying a signature. Add "data-offset" to the list of excluded properties for signature verification; since the line is now too long, re-format the list to one-per-line and make it static since the data is constant. Signed-off-by: John Keeping <john@metanate.com> Reviewed-by: Simon Glass <sjg@chromium.org>

commit: 8edecd3110e65ca96a50a37bf7ca65ed45070452 [log] [tgz]
author: John Keeping <john@metanate.com> Tue Apr 20 19:19:44 2021 +0100
committer: Tom Rini <trini@konsulko.com> Wed Aug 04 15:57:13 2021 -0400
tree: ddffde6871041ef074cdc3caf783a24cd2188f27
parent: 66217225f7987fbfecdcc4eca3f16d0ec188dc76 [diff] [blame]
diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c
index 55ddf18..b979cd2 100644
--- a/common/image-fit-sig.c
+++ b/common/image-fit-sig.c

@@ -245,7 +245,13 @@
 				int required_keynode, int conf_noffset,
 				char **err_msgp)
 {
-	char * const exc_prop[] = {"data", "data-size", "data-position"};
+	static char * const exc_prop[] = {
+		"data",
+		"data-size",
+		"data-position",
+		"data-offset"
+	};
+
 	const char *prop, *end, *name;
 	struct image_sign_info info;
 	const uint32_t *strings;
commit	8edecd3110e65ca96a50a37bf7ca65ed45070452	[log] [tgz]
author	John Keeping <john@metanate.com>	Tue Apr 20 19:19:44 2021 +0100
committer	Tom Rini <trini@konsulko.com>	Wed Aug 04 15:57:13 2021 -0400
tree	ddffde6871041ef074cdc3caf783a24cd2188f27
parent	66217225f7987fbfecdcc4eca3f16d0ec188dc76 [diff] [blame]