Reload headers before verifying signature
After performing any kind of swap, reload the headers from the image(s)
before verifying the new image.
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index aa6e1ab..178a9c7 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -24,6 +24,7 @@
#include <assert.h>
#include <stddef.h>
+#include <stdbool.h>
#include <inttypes.h>
#include <stdlib.h>
#include <string.h>
@@ -1225,6 +1226,7 @@
size_t slot;
int rc;
int fa_id;
+ bool reload_headers = false;
/* The array of slot sectors are defined here (as opposed to file scope) so
* that they don't get allocated for non-boot-loader apps. This is
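Review bot: `reload_headers` is declared here and assigned in the later hunks unconditionally, but its only read is inside `#ifdef MCUBOOT_VALIDATE_SLOT0`, so builds without that option will likely report a set-but-unused variable and fail under `-Werror`. Either guard the declaration and assignments with the same `#ifdef`, or move the reload out of the conditional block so the cached headers are refreshed in every configuration. The declaration would also benefit from a short comment, for example `/* set when a swap rewrote flash, so cached headers must be re-read before validation */`. The enclosing function starts before and continues after this hunk.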
@@ -1280,11 +1282,13 @@
case BOOT_SWAP_TYPE_PERM:
slot = 1;
boot_finalize_test_swap();
+ reload_headers = true;
break;
case BOOT_SWAP_TYPE_REVERT:
slot = 1;
boot_finalize_revert_swap();
+ reload_headers = true;
break;
case BOOT_SWAP_TYPE_FAIL:
@@ -1294,6 +1298,7 @@
*/
slot = 0;
boot_finalize_revert_swap();
+ reload_headers = true;
break;
default:
@@ -1303,6 +1308,13 @@
}
#ifdef MCUBOOT_VALIDATE_SLOT0
+ if (reload_headers) {
+ rc = boot_read_image_headers();
+ if (rc != 0) {
+ goto out;
+ }
+ }
+
rc = boot_validate_slot(0);
assert(rc == 0);
if (rc != 0) {
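Review bot: Once `boot_read_image_headers()` has run inside `if (reload_headers)`, the `slot` value chosen in the switch no longer matches the cached headers. The PERM and REVERT cases leave `slot = 1`, which pointed at the new image only while the RAM headers were stale. If code after this hunk still selects the header with `slot` (not visible here, the function continues past the hunk), it would describe the image now sitting in slot 1 rather than the one `boot_validate_slot(0)` just checked. Consider adding `slot = 0;` after the successful reload, with a comment such as `/* headers now reflect the post-swap layout; the image to boot is in slot 0 */`.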