From 0f141e3550c633b1f2e0a2daab3bf8377c8d1fe8 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Fri, 23 Aug 2024 08:13:26 +0100 Subject: [PATCH] bootutil: loader: Remove encrypted/compressed images without support Checks if images have compressed or encrypted image flags and, if so, and those options are not enabled in that MCUboot build, will class the images as invalid and delete them (these images cannot be used without support anyway) Signed-off-by: Jamie McCrae --- boot/bootutil/src/loader.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 8663fbf2a..60a78a1cd 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -860,7 +860,9 @@ split_image_check(struct image_header *app_hdr, * Check that this is a valid header. Valid means that the magic is * correct, and that the sizes/offsets are "sane". Sane means that * there is no overflow on the arithmetic, and that the result fits - * within the flash area we are in. + * within the flash area we are in. Also check the flags in the image + * and class the image as invalid if flags for encryption/compression + * are present but these features are not enabled. */ static bool boot_is_header_valid(const struct image_header *hdr, const struct flash_area *fap) @@ -879,6 +881,18 @@ boot_is_header_valid(const struct image_header *hdr, const struct flash_area *fa return false; } +#if !defined(MCUBOOT_ENC_IMAGES) + if (IS_ENCRYPTED(hdr)) { + return false; + } +#endif + +#if !defined(MCUBOOT_DECOMPRESS_IMAGES) + if (IS_COMPRESSED(hdr)) { + return false; + } +#endif + return true; }