Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Permit using the Updater _hash function, even if we don't have a signature appended to the image #8472

Closed
wants to merge 5 commits into from

Conversation

einglis
Copy link
Contributor

@einglis einglis commented Jan 31, 2022

The _hash and _verify functionality of the Updater class are pretty much entwined. But it might be useful to calculate the hash, even without a signature present in the image itself. This change permits that by allowing a zero-length signature.

For reference, one possible use case is where the expected hash is provided separately to the uploaded image. Another is to provide generic post-upload validation of the image: the hash function permits a convenient way of inspecting the complete image against arbitrary conditions; this is particularly useful after HTTP client OTA updates.

(It's fair that reading the whole image back out of flash is not very efficient, but that's not the concern of this PR.)

@einglis
Copy link
Contributor Author

einglis commented Feb 2, 2022

Hold on. This line:

int binSize = _size - sigLen - sizeof(uint32_t) /* The siglen word */;

still ends up subtracting an extra uint32_t from the total image length, so the hash function doesn't get to see all the data.

Sorry I didn't catch this sooner.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants