Place TLV size into TLV itself
To allow the signatures to be replaced, move the size of the TLV into a
small "info" header at the start of the TLV.
Note that this causes image swapping to lose robustness. This is fixed
by a later commit.
Based on work by Marko Kiiskila <marko@runtime.io>
Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
JIRA: MCUB-65
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index 8004533..003620c 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -146,6 +146,7 @@
uint32_t off;
uint32_t size;
int sha256_valid = 0;
+ struct image_tlv_info info;
#ifdef EXPECTED_SIG_TLV
int valid_signature = 0;
int key_id = -1;
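Review bot: The `info` declared here is filled from flash in the following hunk, and its `it_tlv_tot` field then sets the traversal limit (`size = off + info.it_tlv_tot;`) with no upper bound, so a corrupted or crafted TLV header can place `size` beyond the end of the slot or wrap the 32-bit addition; only the magic value is checked. A bound against the area size, e.g. `if (info.it_tlv_tot > fap->fa_size || off > fap->fa_size - info.it_tlv_tot) return -1;` right after the magic test, would keep `size` inside the slot — unless `flash_area_read` is already relied on to reject out-of-range offsets, in which case a comment saying so would help the next reader. The function that consumes `size` continues past the visible excerpt, so the TLV loop itself is not shown here. The same later hunk adds `/* The TLVs come after the image. */` directly above the existing `/* After image there are TLVs. */`; one of the two should go.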
@@ -165,9 +166,19 @@
memcpy(out_hash, hash, 32);
}
+ /* The TLVs come after the image. */
/* After image there are TLVs. */
off = hdr->ih_img_size + hdr->ih_hdr_size;
- size = off + hdr->ih_tlv_size;
+
+ rc = flash_area_read(fap, off, &info, sizeof(info));
+ if (rc) {
+ return rc;
+ }
+ if (info.it_magic != IMAGE_TLV_INFO_MAGIC) {
+ return -1;
+ }
+ size = off + info.it_tlv_tot;
+ off += sizeof(info);
/*
* Traverse through all of the TLVs, performing any checks we know