Place TLV size into TLV itself To allow the signatures to be replaced, move the size of the TLV into a small "info" header at the start of the TLV. Note that this causes image swapping to lose robustness. This is fixed by a later commit. Based on work by Marko Kiiskila <marko@runtime.io> Signed-off-by: Marko Kiiskila <marko@runtime.io> Signed-off-by: David Brown <david.brown@linaro.org> JIRA: MCUB-65

commit: f5b33d8b9d61e77227cf44c01d95f1a367e137c8 [log] [tgz]
author: David Brown <david.brown@linaro.org> Fri Sep 01 10:58:27 2017 -0600
committer: David Brown <davidb@davidb.org> Wed Sep 06 16:16:58 2017 -0600
tree: 282418a02dfade076f6583512065b1daa26e81e2
parent: 43cda33c5aecd6594e4adae66d7d922364b2ce84 [diff] [blame]
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index 8004533..003620c 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c

@@ -146,6 +146,7 @@
     uint32_t off;
     uint32_t size;
     int sha256_valid = 0;
+    struct image_tlv_info info;
 #ifdef EXPECTED_SIG_TLV
     int valid_signature = 0;
     int key_id = -1;
@@ -165,9 +166,19 @@
         memcpy(out_hash, hash, 32);
     }
 
+    /* The TLVs come after the image. */
     /* After image there are TLVs. */
     off = hdr->ih_img_size + hdr->ih_hdr_size;
-    size = off + hdr->ih_tlv_size;
+
+    rc = flash_area_read(fap, off, &info, sizeof(info));
+    if (rc) {
+            return rc;
+    }
+    if (info.it_magic != IMAGE_TLV_INFO_MAGIC) {
+            return -1;
+    }
+    size = off + info.it_tlv_tot;
+    off += sizeof(info);
 
     /*
      * Traverse through all of the TLVs, performing any checks we know
commit	f5b33d8b9d61e77227cf44c01d95f1a367e137c8	[log] [tgz]
author	David Brown <david.brown@linaro.org>	Fri Sep 01 10:58:27 2017 -0600
committer	David Brown <davidb@davidb.org>	Wed Sep 06 16:16:58 2017 -0600
tree	282418a02dfade076f6583512065b1daa26e81e2
parent	43cda33c5aecd6594e4adae66d7d922364b2ce84 [diff] [blame]