Tartarus changed the topic of #u-boot to: SOURCE MOVED TO https://source.denx.de/u-boot/u-boot.git / U-Boot v2024.10 is OUT / Merge Window is OPEN, next branch is CLOSED / Release v2025.01 is scheduled for 06 January 2025 / Channel archives at https://libera.irclog.whitequark.org/u-boot
Wouter01002 has quit [Quit: The Lounge - https://thelounge.chat]
Wouter01002 has joined #u-boot
prabhakalad has quit [Quit: Konversation terminated!]
prabhakalad has joined #u-boot
qschulz has quit [Read error: Connection reset by peer]
zibolo has quit [Ping timeout: 252 seconds]
qschulz has joined #u-boot
zibolo has joined #u-boot
vagrantc has quit [Quit: leaving]
goliath has quit [Quit: SIGSEGV]
naoki has quit [Quit: naoki]
mrnuke has quit [Ping timeout: 245 seconds]
mrnuke has joined #u-boot
hellodub has quit [Ping timeout: 260 seconds]
hellodub has joined #u-boot
jclsn has quit [Ping timeout: 265 seconds]
jclsn has joined #u-boot
mmu_man has quit [Ping timeout: 260 seconds]
mmu_man has joined #u-boot
mmu_man has quit [Ping timeout: 252 seconds]
persmule has quit [Remote host closed the connection]
sally has quit [Remote host closed the connection]
Stat_headcrabbed has joined #u-boot
warpme has joined #u-boot
warpme has quit [Client Quit]
naoki has joined #u-boot
naoki has quit [Quit: naoki]
<sjg1> marex: If you see p34 in those slides, the properties in the configuration node itself are protected. The properties in the signature subnodes are not
<sjg1> marex: Changes to properties in the signature node may still cause a verification failure, e.g. changing the algorithm
<sjg1> marex: There is also quite a bit of info about changing a FIT at https://docs.u-boot.org/en/latest/usage/fit/beaglebone_vboot.html (starting hawlfway down)
warpme has joined #u-boot
senzilla has quit []
senzilla has joined #u-boot
slobodan has joined #u-boot
prabhakalad has quit [Ping timeout: 246 seconds]
Wouter01002 has quit [Quit: The Lounge - https://thelounge.chat]
Wouter01002 has joined #u-boot
prabhakalad has joined #u-boot
slobodan has quit [Ping timeout: 244 seconds]
pivi has quit [Remote host closed the connection]
pivi has joined #u-boot
goliath has joined #u-boot
warpme has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
warpme has joined #u-boot
mmu_man has joined #u-boot
<marex> sjg1: I am not talking about signed fitImage
<marex> sjg1: I am talking about plain and simple fitImage with hash nodes
<sjg1> Oh. Well, you could do that
Wouter01002 has quit [Quit: The Lounge - https://thelounge.chat]
Wouter01002 has joined #u-boot
Rahix_ has quit [Quit: ZNC - https://znc.in]
Rahix has joined #u-boot
persmule has joined #u-boot
<marex> sjg1: you wrote "it makes no sense to add a hash node to a configuration" ... but clearly with signed fitImage, the configuration node properties have to be somehow protected, presumably by calculating hash of those and signing the hash ? So why can we not add that same hash to configuration node ?
<sjg1> marex: You can certainly implement that
<marex> sjg1: wait ... I am completely confused by your recent answers, they even contradict each other ... you wrote I can add a hash to config node, but it makes no sense, but it is not implemented, even if signed fitImages do just that ... ?
dsimic has quit [Ping timeout: 255 seconds]
dsimic has joined #u-boot
<sjg1> marex: I am also very, very confused
<sjg1> marex: Are you asking why, since signature-creation hashes the configuration node (and other things) we could not use that same code for the non-signature case, and add a hash?
<marex> sjg1: no
<marex> sjg1: I just want to add a hash to the configuration node and that hash is currently not calculated and inserted even if I add the hash@ node into configuration node, and I want to know why, as that is necessary to detect bitrot on the configuration node
<sjg1> marex: Well, it isn't implemented
zsoltiv_ has joined #u-boot
<marex> sjg1: so it is not "you cannot hash a configuration" but "it isn't implemented" then ?
<sjg1> marex: Yes. By 'cannot' I mean it is not implemented
<sjg1> marex: as in 'cannot today'. But it is just software, so...
slobodan has joined #u-boot
Stat_headcrabbe1 has joined #u-boot
Stat_headcrabbed has quit [Ping timeout: 246 seconds]
Stat_headcrabbe1 is now known as Stat_headcrabbed
ikarso has joined #u-boot
<Tartarus> sjg1: Looking at https://source.denx.de/u-boot/u-boot/-/jobs/932621 it's because the test is wrong I think and needs to be fixed with https://patchwork.ozlabs.org/project/uboot/patch/20241008094646.4052174-1-jerome.forissier@linaro.org/ can you perhaps fix the test, or do I need to ask Jerome?
<sjg1> Tartarus: Oh that's odd, I just sent an email about it
<sjg1> Tartarus: I don't know, you could perhaps make the test return -EGAIN ?
<sjg1> -EAGAIN
<sjg1> But lwip needs some work on sandbox and I believe Jerome is looking at it
<Tartarus> This isn't about lwip
<Tartarus> And no, I'm not wanting to touch the test myself atm
<sjg1> Tartarus: Oh, I assumed that is why is broke, but I suppose not. I just took a quick look, but I don't know why it fails within CI...seems to work OK in isolation, at least for me
<Tartarus> sjg1: Hmm, digging a little harder now, sorry, I'll poke Jerome about it since it's a problem outside of sandbox too
mmu_man has quit [Ping timeout: 244 seconds]
mmu_man has joined #u-boot
Stat_headcrabbed has quit [Quit: Stat_headcrabbed]
ikarso has quit [Quit: Connection closed for inactivity]
___nick___ has joined #u-boot
___nick___ has quit [Client Quit]
___nick___ has joined #u-boot
ellyq has joined #u-boot
slobodan has quit [Read error: Connection reset by peer]
___nick___ has quit [Ping timeout: 260 seconds]
naoki has joined #u-boot
Wouter01002 has quit [Quit: The Lounge - https://thelounge.chat]
Wouter01002 has joined #u-boot
alexxy has quit [Quit: No Ping reply in 180 seconds.]
alexxy has joined #u-boot
goliath has quit [Quit: SIGSEGV]
sally_ has joined #u-boot
sally_ is now known as sally