lib: rsa: rsa-verify: don't look for keys in the FIT image In the function rsa_verify_hash, if the "main" key doesn't work, u-boot try others keys. But it searches those keys in the FIT image instead of the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>

commit: 7258c3fbe884d0d669e7d4c06d784066bfb3f0eb [log] [tgz]
author: Philippe Reynes <philippe.reynes@softathome.com> Tue Jan 12 19:18:54 2021 +0100
committer: Tom Rini <trini@konsulko.com> Wed Jan 27 17:03:16 2021 -0500
tree: d0a2b09c319c2085528befe712588b7887947370
parent: ede8909a8d12e9c5dd928dafbe652ffa3b3f1015 [diff]
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 0ab0f62..e34d329 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c

@@ -522,10 +522,10 @@
 			return ret;
 
 		/* No luck, so try each of the keys in turn */
-		for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node,
+		for (ndepth = 0, noffset = fdt_next_node(blob, sig_node,
 							 &ndepth);
 		     (noffset >= 0) && (ndepth > 0);
-		     noffset = fdt_next_node(info->fit, noffset, &ndepth)) {
+		     noffset = fdt_next_node(blob, noffset, &ndepth)) {
 			if (ndepth == 1 && noffset != node) {
 				ret = rsa_verify_with_keynode(info, hash,
 							      sig, sig_len,
commit	7258c3fbe884d0d669e7d4c06d784066bfb3f0eb	[log] [tgz]
author	Philippe Reynes <philippe.reynes@softathome.com>	Tue Jan 12 19:18:54 2021 +0100
committer	Tom Rini <trini@konsulko.com>	Wed Jan 27 17:03:16 2021 -0500
tree	d0a2b09c319c2085528befe712588b7887947370
parent	ede8909a8d12e9c5dd928dafbe652ffa3b3f1015 [diff]