commit b33e5cc18263d438d11bb9a728b4117cc560cae4
author Patrick Oppenlander <patrick.oppenlander@gmail.com> Thu Jul 30 14:22:15 2020 +1000
committer Tom Rini <trini@konsulko.com> Fri Aug 07 11:47:18 2020 -0400
tree 9f2dc27543df7ba6adeb659f6838574626f34382
parent 04aeebb131081698204ad38bd8aba7140cd3ba22

mkimage: fit: don't cipher ciphered data

Previously, mkimage -F could be run multiple times causing already
ciphered image data to be ciphered again.

Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>

tools/image-host.c

diff --git a/tools/image-host.c b/tools/image-host.c
index b4603c5..e5417be 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -482,7 +482,7 @@
 	const char *image_name;
 	const void *data;
 	size_t size;
-	int cipher_node_offset;
+	int cipher_node_offset, len;
 
 	/* Get image name */
 	image_name = fit_get_name(fit, image_noffset, NULL);
@@ -497,6 +497,19 @@
 		return -1;
 	}
 
+	/*
+	 * Don't cipher ciphered data.
+	 *
+	 * If the data-size-unciphered property is present the data for this
+	 * image is already encrypted. This is important as 'mkimage -F' can be
+	 * run multiple times on a FIT image.
+	 */
+	if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len))
+		return 0;
+	if (len != -FDT_ERR_NOTFOUND) {
+		printf("Failure testing for data-size-unciphered\n");
+		return -1;
+	}
 
 	/* Process cipher node if present */
 	cipher_node_offset = fdt_subnode_offset(fit, image_noffset,