[openwrt/openwrt] treewide: validate unified uImage.FIT images before flashing

LEDE Commits lede-commits at lists.infradead.org
Mon Apr 21 08:13:10 PDT 2025 

dangole pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/29ec74b8c7b775debeda7f32fd1f2601dd9b082f

commit 29ec74b8c7b775debeda7f32fd1f2601dd9b082f
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Sat Mar 29 05:09:09 2025 +0000

    treewide: validate unified uImage.FIT images before flashing
    
    Prevent flashing truncated or otherwise corrupted uImage.FIT images
    by verifying checksums and hashes of all sub-images before flashing
    using the newly packaged fit_check_sign tool.
    
    Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
 package/utils/fitblk/Makefile                                  |  1 +
 package/utils/fitblk/files/fit.sh                              | 10 ++++++++++
 .../linux/mediatek/filogic/base-files/lib/upgrade/platform.sh  |  9 +++------
 .../linux/mediatek/mt7622/base-files/lib/upgrade/platform.sh   |  2 +-
 .../linux/mediatek/mt7623/base-files/lib/upgrade/platform.sh   |  2 +-
 target/linux/siflower/sf21/base-files/lib/upgrade/platform.sh  | 10 +++-------
 6 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/package/utils/fitblk/Makefile b/package/utils/fitblk/Makefile
index 325963d8e2..b8f881937e 100644
--- a/package/utils/fitblk/Makefile
+++ b/package/utils/fitblk/Makefile
@@ -16,6 +16,7 @@ define Package/fitblk
   SECTION:=base
   CATEGORY:=Base system
   TITLE:=fitblk firmware release tool
+  DEPENDS:=+fit-check-sign
 endef
 
 define Package/fitblk/description
diff --git a/package/utils/fitblk/files/fit.sh b/package/utils/fitblk/files/fit.sh
index b715a15ddf..839389bed4 100644
--- a/package/utils/fitblk/files/fit.sh
+++ b/package/utils/fitblk/files/fit.sh
@@ -61,3 +61,13 @@ fit_do_upgrade() {
 		;;
 	esac
 }
+
+fit_check_image() {
+	local magic="$(get_magic_long "$1")"
+	[ "$magic" != "d00dfeed" ] && {
+		echo "Invalid image type."
+		return 74
+	}
+
+	fit_check_sign -f "$1" >/dev/null || return 74
+}
diff --git a/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh b/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh
index 622f880604..01753c0a03 100755
--- a/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh
+++ b/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh
@@ -1,5 +1,5 @@
 REQUIRE_IMAGE_METADATA=1
-RAMFS_COPY_BIN='fitblk'
+RAMFS_COPY_BIN='fitblk fit_check_sign'
 
 asus_initial_setup()
 {
@@ -224,11 +224,8 @@ platform_check_image() {
 	xiaomi,redmi-router-ax6000-ubootmod|\
 	xiaomi,mi-router-wr30u-ubootmod|\
 	zyxel,ex5601-t0-ubootmod)
-		[ "$magic" != "d00dfeed" ] && {
-			echo "Invalid image type."
-			return 1
-		}
-		return 0
+		fit_check_image "$1"
+		return $?
 		;;
 	nradio,c8-668gl)
 		# tar magic `ustar`
diff --git a/target/linux/mediatek/mt7622/base-files/lib/upgrade/platform.sh b/target/linux/mediatek/mt7622/base-files/lib/upgrade/platform.sh
index f017509637..9019eb6900 100755
--- a/target/linux/mediatek/mt7622/base-files/lib/upgrade/platform.sh
+++ b/target/linux/mediatek/mt7622/base-files/lib/upgrade/platform.sh
@@ -1,5 +1,5 @@
 REQUIRE_IMAGE_METADATA=1
-RAMFS_COPY_BIN='fitblk'
+RAMFS_COPY_BIN='fitblk fit_check_sign'
 
 platform_do_upgrade() {
 	local board=$(board_name)
diff --git a/target/linux/mediatek/mt7623/base-files/lib/upgrade/platform.sh b/target/linux/mediatek/mt7623/base-files/lib/upgrade/platform.sh
index bce6709a58..ce40e26afb 100755
--- a/target/linux/mediatek/mt7623/base-files/lib/upgrade/platform.sh
+++ b/target/linux/mediatek/mt7623/base-files/lib/upgrade/platform.sh
@@ -1,5 +1,5 @@
 REQUIRE_IMAGE_METADATA=1
-RAMFS_COPY_BIN='fitblk'
+RAMFS_COPY_BIN='fitblk fit_check_sign'
 
 # Legacy full system upgrade including preloader for MediaTek SoCs on eMMC or SD
 legacy_mtk_mmc_full_upgrade() {
diff --git a/target/linux/siflower/sf21/base-files/lib/upgrade/platform.sh b/target/linux/siflower/sf21/base-files/lib/upgrade/platform.sh
index ac90f253b4..72f35f6925 100644
--- a/target/linux/siflower/sf21/base-files/lib/upgrade/platform.sh
+++ b/target/linux/siflower/sf21/base-files/lib/upgrade/platform.sh
@@ -1,5 +1,5 @@
 REQUIRE_IMAGE_METADATA=1
-RAMFS_COPY_BIN='fitblk'
+RAMFS_COPY_BIN='fitblk fit_check_sign'
 
 platform_do_upgrade() {
 	local board=$(board_name)
@@ -18,17 +18,13 @@ PART_NAME=firmware
 
 platform_check_image() {
 	local board=$(board_name)
-	local magic="$(get_magic_long "$1")"
 
 	[ "$#" -gt 1 ] && return 1
 
 	case "$board" in
 	*)
-		[ "$magic" != "d00dfeed" ] && {
-			echo "Invalid image type."
-			return 1
-		}
-		return 0
+		fit_check_image "$1"
+		return $?
 		;;
 	esac

More information about the lede-commits mailing list