prabhakalad has quit [Quit: Konversation terminated!]
prabhakalad has joined #u-boot
qschulz has quit [Read error: Connection reset by peer]
zibolo has quit [Ping timeout: 252 seconds]
qschulz has joined #u-boot
zibolo has joined #u-boot
vagrantc has quit [Quit: leaving]
goliath has quit [Quit: SIGSEGV]
naoki has quit [Quit: naoki]
mrnuke has quit [Ping timeout: 245 seconds]
mrnuke has joined #u-boot
hellodub has quit [Ping timeout: 260 seconds]
hellodub has joined #u-boot
jclsn has quit [Ping timeout: 265 seconds]
jclsn has joined #u-boot
mmu_man has quit [Ping timeout: 260 seconds]
mmu_man has joined #u-boot
mmu_man has quit [Ping timeout: 252 seconds]
persmule has quit [Remote host closed the connection]
sally has quit [Remote host closed the connection]
Stat_headcrabbed has joined #u-boot
warpme has joined #u-boot
warpme has quit [Client Quit]
naoki has joined #u-boot
naoki has quit [Quit: naoki]
<sjg1>
marex: If you see p34 in those slides, the properties in the configuration node itself are protected. The properties in the signature subnodes are not
<sjg1>
marex: Changes to properties in the signature node may still cause a verification failure, e.g. changing the algorithm
<marex>
sjg1: you wrote "it makes no sense to add a hash node to a configuration" ... but clearly with signed fitImage, the configuration node properties have to be somehow protected, presumably by calculating hash of those and signing the hash ? So why can we not add that same hash to configuration node ?
<sjg1>
marex: You can certainly implement that
<marex>
sjg1: wait ... I am completely confused by your recent answers, they even contradict each other ... you wrote I can add a hash to config node, but it makes no sense, but it is not implemented, even if signed fitImages do just that ... ?
dsimic has quit [Ping timeout: 255 seconds]
dsimic has joined #u-boot
<sjg1>
marex: I am also very, very confused
<sjg1>
marex: Are you asking why, since signature-creation hashes the configuration node (and other things) we could not use that same code for the non-signature case, and add a hash?
<marex>
sjg1: no
<marex>
sjg1: I just want to add a hash to the configuration node and that hash is currently not calculated and inserted even if I add the hash@ node into configuration node, and I want to know why, as that is necessary to detect bitrot on the configuration node
<sjg1>
marex: Well, it isn't implemented
zsoltiv_ has joined #u-boot
<marex>
sjg1: so it is not "you cannot hash a configuration" but "it isn't implemented" then ?
<sjg1>
marex: Yes. By 'cannot' I mean it is not implemented
<sjg1>
marex: as in 'cannot today'. But it is just software, so...
slobodan has joined #u-boot
Stat_headcrabbe1 has joined #u-boot
Stat_headcrabbed has quit [Ping timeout: 246 seconds]
<sjg1>
Tartarus: Oh that's odd, I just sent an email about it
<sjg1>
Tartarus: I don't know, you could perhaps make the test return -EGAIN ?
<sjg1>
-EAGAIN
<sjg1>
But lwip needs some work on sandbox and I believe Jerome is looking at it
<Tartarus>
This isn't about lwip
<Tartarus>
And no, I'm not wanting to touch the test myself atm
<sjg1>
Tartarus: Oh, I assumed that is why is broke, but I suppose not. I just took a quick look, but I don't know why it fails within CI...seems to work OK in isolation, at least for me
<Tartarus>
sjg1: Hmm, digging a little harder now, sorry, I'll poke Jerome about it since it's a problem outside of sandbox too
mmu_man has quit [Ping timeout: 244 seconds]
mmu_man has joined #u-boot
Stat_headcrabbed has quit [Quit: Stat_headcrabbed]
ikarso has quit [Quit: Connection closed for inactivity]
___nick___ has joined #u-boot
___nick___ has quit [Client Quit]
___nick___ has joined #u-boot
ellyq has joined #u-boot
slobodan has quit [Read error: Connection reset by peer]