From 148b4974a4c8f29333d498a39d65fc94871b6302 Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Tue, 26 Dec 2023 14:24:34 +0100 Subject: [PATCH] libubootenv: adapt patches to v0.3.5 https://onedigi.atlassian.net/browse/DEL-8885 Signed-off-by: Gabriel Valcazar --- ...t-for-environment-encryption-by-CAAM.patch | 32 +-- ...-U-Boot-environment-access-functions.patch | 10 +- ...pport-to-set-dynamic-location-of-env.patch | 18 +- ...d-HWID-from-nvmem-device-if-not-avai.patch | 8 +- ...t-for-environment-encryption-for-CCM.patch | 192 +++++++++--------- 5 files changed, 128 insertions(+), 132 deletions(-) diff --git a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0001-Implement-support-for-environment-encryption-by-CAAM.patch b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0001-Implement-support-for-environment-encryption-by-CAAM.patch index a2e25acf2..d08d3f4e4 100644 --- a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0001-Implement-support-for-environment-encryption-by-CAAM.patch +++ b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0001-Implement-support-for-environment-encryption-by-CAAM.patch @@ -28,10 +28,10 @@ Signed-off-by: Gabriel Valcazar create mode 100644 src/md5.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index 4b71bc588827..d7e38a12feed 100644 +index ababe0f..fb1efa2 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt -@@ -1,6 +1,8 @@ +@@ -4,6 +4,8 @@ cmake_minimum_required (VERSION 2.6) # Sources and private headers SET(libubootenv_SOURCES @@ -42,7 +42,7 @@ index 4b71bc588827..d7e38a12feed 100644 ) diff --git a/src/caam_keyblob.h b/src/caam_keyblob.h new file mode 100644 -index 000000000000..e313e87a3854 +index 0000000..e313e87 --- /dev/null +++ b/src/caam_keyblob.h @@ -0,0 +1,42 @@ @@ -90,7 +90,7 @@ index 000000000000..e313e87a3854 +#endif /* CAAM_KEYBLOB_H */ diff --git a/src/md5.c b/src/md5.c new file mode 100644 -index 000000000000..47ae8bf34a4d +index 0000000..47ae8bf --- /dev/null +++ b/src/md5.c @@ -0,0 +1,275 @@ @@ -371,7 +371,7 @@ index 000000000000..47ae8bf34a4d +} diff --git a/src/md5.h b/src/md5.h new file mode 100644 -index 000000000000..02a9a9d23e34 +index 0000000..02a9a9d --- /dev/null +++ b/src/md5.h @@ -0,0 +1,24 @@ @@ -400,13 +400,13 @@ index 000000000000..02a9a9d23e34 + +#endif /* _MD5_H */ diff --git a/src/uboot_env.c b/src/uboot_env.c -index 30c39ebf6fa9..2fd08f5a07db 100644 +index ae85c7e..750b736 100644 --- a/src/uboot_env.c +++ b/src/uboot_env.c -@@ -33,11 +33,21 @@ - #include +@@ -34,11 +34,21 @@ #include #include + #include +#include #include #include @@ -425,8 +425,8 @@ index 30c39ebf6fa9..2fd08f5a07db 100644 #define UBI_MAX_VOLUME 128 #define DEVICE_MTD_NAME "/dev/mtd" -@@ -844,6 +854,105 @@ static int set_obsolete_flag(struct uboot_flash_env *dev) - return ret; +@@ -1028,6 +1038,105 @@ const struct uboot_version_info *libuboot_version_info(void) + return &libinfo; } +static int is_env_encrypted(void) @@ -531,7 +531,7 @@ index 30c39ebf6fa9..2fd08f5a07db 100644 int libuboot_env_store(struct uboot_ctx *ctx) { struct var_entry *entry; -@@ -919,6 +1028,15 @@ int libuboot_env_store(struct uboot_ctx *ctx) +@@ -1103,6 +1212,15 @@ int libuboot_env_store(struct uboot_ctx *ctx) ((struct uboot_env_redund *)image)->flags = flags; } @@ -547,7 +547,7 @@ index 30c39ebf6fa9..2fd08f5a07db 100644 *(uint32_t *)image = crc32(0, (uint8_t *)data, ctx->size - offsetdata); copy = ctx->redundant ? (ctx->current ? 0 : 1) : 0; -@@ -984,6 +1102,13 @@ static int libuboot_load(struct uboot_ctx *ctx) +@@ -1167,6 +1285,13 @@ static int libuboot_load(struct uboot_ctx *ctx) } crc = *(uint32_t *)(buf[i] + offsetcrc); dev->crc = crc32(0, (uint8_t *)data, usable_envsize); @@ -561,7 +561,7 @@ index 30c39ebf6fa9..2fd08f5a07db 100644 crcenv[i] = dev->crc == crc; if (ctx->redundant) dev->flags = *(uint8_t *)(buf[i] + offsetflags); -@@ -1264,6 +1389,11 @@ int libuboot_read_config(struct uboot_ctx *ctx, const char *config) +@@ -1773,6 +1898,11 @@ int libuboot_read_config_ext(struct uboot_ctx **ctxlist, const char *config) break; } } @@ -573,7 +573,7 @@ index 30c39ebf6fa9..2fd08f5a07db 100644 if (ndev == 0) retval = -EINVAL; -@@ -1461,6 +1591,7 @@ int libuboot_initialize(struct uboot_ctx **out, +@@ -2042,6 +2172,7 @@ int libuboot_initialize(struct uboot_ctx **out, return -ENOMEM; ctx->valid = false; @@ -582,10 +582,10 @@ index 30c39ebf6fa9..2fd08f5a07db 100644 if (ret < 0) { diff --git a/src/uboot_private.h b/src/uboot_private.h -index 4b7a9f9602a6..22c8c14ce8cc 100644 +index 40e5446..ee2d305 100644 --- a/src/uboot_private.h +++ b/src/uboot_private.h -@@ -111,10 +111,14 @@ LIST_HEAD(vars, var_entry); +@@ -114,10 +114,14 @@ LIST_HEAD(vars, var_entry); struct uboot_ctx { /** true if the environment is redundant */ bool redundant; diff --git a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0002-Implement-U-Boot-environment-access-functions.patch b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0002-Implement-U-Boot-environment-access-functions.patch index 065db6515..d585a18ad 100644 --- a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0002-Implement-U-Boot-environment-access-functions.patch +++ b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0002-Implement-U-Boot-environment-access-functions.patch @@ -18,10 +18,10 @@ Signed-off-by: Gabriel Valcazar 2 files changed, 119 insertions(+) diff --git a/src/libuboot.h b/src/libuboot.h -index bfcaeb1d609f..b15969f89174 100644 +index 3ed3244..e83b3a5 100644 --- a/src/libuboot.h +++ b/src/libuboot.h -@@ -159,6 +159,29 @@ const char *libuboot_getname(void *entry); +@@ -201,6 +201,29 @@ const char *libuboot_getname(void *entry); */ const char *libuboot_getvalue(void *entry); @@ -52,11 +52,11 @@ index bfcaeb1d609f..b15969f89174 100644 } #endif diff --git a/src/uboot_env.c b/src/uboot_env.c -index 2fd08f5a07db..87f831b0cdc7 100644 +index 750b736..b7ad4c4 100644 --- a/src/uboot_env.c +++ b/src/uboot_env.c -@@ -1632,3 +1632,99 @@ void libuboot_close(struct uboot_ctx *ctx) { - void libuboot_exit(struct uboot_ctx *ctx) { +@@ -2234,3 +2234,99 @@ void libuboot_exit(struct uboot_ctx *ctx) + free(ctx); } + diff --git a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0003-tools-env-add-support-to-set-dynamic-location-of-env.patch b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0003-tools-env-add-support-to-set-dynamic-location-of-env.patch index f4e744757..5bf01172a 100644 --- a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0003-tools-env-add-support-to-set-dynamic-location-of-env.patch +++ b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0003-tools-env-add-support-to-set-dynamic-location-of-env.patch @@ -27,10 +27,10 @@ Signed-off-by: Gabriel Valcazar 2 files changed, 90 insertions(+), 2 deletions(-) diff --git a/src/uboot_env.c b/src/uboot_env.c -index 87f831b0cdc7..539e22f9a8ac 100644 +index b7ad4c4..924a6cf 100644 --- a/src/uboot_env.c +++ b/src/uboot_env.c -@@ -431,6 +431,73 @@ static int check_env_device(struct uboot_ctx *ctx, struct uboot_flash_env *dev) +@@ -591,6 +591,73 @@ static int check_env_device(struct uboot_flash_env *dev) return 0; } @@ -104,9 +104,9 @@ index 87f831b0cdc7..539e22f9a8ac 100644 static bool check_compatible_devices(struct uboot_ctx *ctx) { if (!ctx->redundant) -@@ -442,6 +509,12 @@ static bool check_compatible_devices(struct uboot_ctx *ctx) +@@ -602,6 +669,12 @@ static bool check_compatible_devices(struct uboot_ctx *ctx) return false; - if (ctx->envdevs[0].envsize != ctx->envdevs[1].envsize) + if (ctx->envdevs[0].envsize != ctx->envdevs[1].envsize) return false; + if (ctx->envdevs[0].offset == ctx->envdevs[1].offset) { + ctx->dynamic_env = true; @@ -117,7 +117,7 @@ index 87f831b0cdc7..539e22f9a8ac 100644 return true; } -@@ -488,7 +561,7 @@ static int fileread(struct uboot_flash_env *dev, void *data) +@@ -648,7 +721,7 @@ static int fileread(struct uboot_flash_env *dev, void *data) return ret; } @@ -126,7 +126,7 @@ index 87f831b0cdc7..539e22f9a8ac 100644 { size_t count; size_t blocksize; -@@ -507,6 +580,17 @@ static int mtdread(struct uboot_flash_env *dev, void *data) +@@ -667,6 +740,17 @@ static int mtdread(struct uboot_flash_env *dev, void *data) ret = read(dev->fd, data, dev->envsize); break; case MTD_NANDFLASH: @@ -144,7 +144,7 @@ index 87f831b0cdc7..539e22f9a8ac 100644 if (dev->offset) if (lseek(dev->fd, dev->offset, SEEK_SET) < 0) { ret = -EIO; -@@ -582,7 +666,7 @@ static int devread(struct uboot_ctx *ctx, unsigned int copy, void *data) +@@ -742,7 +826,7 @@ static int devread(struct uboot_ctx *ctx, unsigned int copy, void *data) ret = fileread(dev, data); break; case DEVICE_MTD: @@ -154,10 +154,10 @@ index 87f831b0cdc7..539e22f9a8ac 100644 case DEVICE_UBI: ret = ubiread(dev, data); diff --git a/src/uboot_private.h b/src/uboot_private.h -index 22c8c14ce8cc..591df20d6936 100644 +index ee2d305..84bd1bc 100644 --- a/src/uboot_private.h +++ b/src/uboot_private.h -@@ -113,10 +113,14 @@ struct uboot_ctx { +@@ -116,10 +116,14 @@ struct uboot_ctx { bool redundant; /** true if the environment is encrypted */ bool encrypted; diff --git a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0004-fall-back-to-read-HWID-from-nvmem-device-if-not-avai.patch b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0004-fall-back-to-read-HWID-from-nvmem-device-if-not-avai.patch index 08cb1ab43..0f369f5b7 100644 --- a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0004-fall-back-to-read-HWID-from-nvmem-device-if-not-avai.patch +++ b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0004-fall-back-to-read-HWID-from-nvmem-device-if-not-avai.patch @@ -21,10 +21,10 @@ https://onedigi.atlassian.net/browse/DEL-8444 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/src/uboot_env.c b/src/uboot_env.c -index 539e22f9a8ac..86f9b9ebfec2 100644 +index 924a6cf..d507cac 100644 --- a/src/uboot_env.c +++ b/src/uboot_env.c -@@ -945,6 +945,32 @@ static int is_env_encrypted(void) +@@ -1129,6 +1129,32 @@ static int is_env_encrypted(void) return access(dt_prop, F_OK) != -1; } @@ -57,7 +57,7 @@ index 539e22f9a8ac..86f9b9ebfec2 100644 #define MAX_HWID_WORDS 4 static int env_caam_get_keymod(unsigned char output[16]) { -@@ -953,12 +979,11 @@ static int env_caam_get_keymod(unsigned char output[16]) +@@ -1137,12 +1163,11 @@ static int env_caam_get_keymod(unsigned char output[16]) int fd; uint32_t ocotp_hwid[MAX_HWID_WORDS]; char dt_prop[32]; @@ -71,7 +71,7 @@ index 539e22f9a8ac..86f9b9ebfec2 100644 fd = open(dt_prop, O_RDONLY); if (fd < 0) return fd; -@@ -969,6 +994,31 @@ static int env_caam_get_keymod(unsigned char output[16]) +@@ -1153,6 +1178,31 @@ static int env_caam_get_keymod(unsigned char output[16]) } ocotp_hwid[i] = ntohl(*(uint32_t *)buf); close(fd); diff --git a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0005-Implement-support-for-environment-encryption-for-CCM.patch b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0005-Implement-support-for-environment-encryption-for-CCM.patch index 023cb1d8c..83c262155 100644 --- a/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0005-Implement-support-for-environment-encryption-for-CCM.patch +++ b/meta-digi-arm/recipes-bsp/libubootenv/libubootenv/0005-Implement-support-for-environment-encryption-for-CCM.patch @@ -1,4 +1,3 @@ -From 768cac09ee47729e3ef38b477c7a69e5b3d10c60 Mon Sep 17 00:00:00 2001 From: Mike Engel Date: Fri, 26 May 2023 11:21:43 +0200 Subject: [PATCH] Implement support for environment encryption for CCMP1 @@ -32,10 +31,10 @@ Signed-off-by: Mike Engel create mode 100644 src/teec_trace.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index d7e38a1..15dad7a 100644 +index fb1efa2..04353e9 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt -@@ -1,6 +1,10 @@ +@@ -4,6 +4,10 @@ cmake_minimum_required (VERSION 2.6) # Sources and private headers SET(libubootenv_SOURCES @@ -48,93 +47,93 @@ index d7e38a1..15dad7a 100644 uboot_env.c diff --git a/src/ta_ccmp1_aes.h b/src/ta_ccmp1_aes.h new file mode 100644 -index 0000000..9110cda +index 0000000..ceab07d --- /dev/null +++ b/src/ta_ccmp1_aes.h @@ -0,0 +1,84 @@ -+/* -+ * Copyright 2023 Digi International Inc -+ * -+ * SPDX-License-Identifier: GPL-2.0+ -+ */ -+ -+#ifndef __TA_CCMP1_AES_H__ -+#define __TA_CCMP1_AES_H__ -+ -+/* -+ * AES is a stream cipher which works a block at a time, with each block -+ * in this case being AES_BLOCK_LENGTH bytes. -+ */ -+ -+enum { -+ AES_STATECOLS = 4, /* columns in the state & expanded key */ -+ AES128_KEYCOLS = 4, /* columns in a key for aes128 */ -+ AES192_KEYCOLS = 6, /* columns in a key for aes128 */ -+ AES256_KEYCOLS = 8, /* columns in a key for aes128 */ -+ AES128_ROUNDS = 10, /* rounds in encryption for aes128 */ -+ AES192_ROUNDS = 12, /* rounds in encryption for aes192 */ -+ AES256_ROUNDS = 14, /* rounds in encryption for aes256 */ -+ AES128_KEY_LENGTH = 128 / 8, -+ AES192_KEY_LENGTH = 192 / 8, -+ AES256_KEY_LENGTH = 256 / 8, -+ AES128_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES128_ROUNDS + 1), -+ AES192_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES192_ROUNDS + 1), -+ AES256_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES256_ROUNDS + 1), -+ AES_BLOCK_LENGTH = 128 / 8, -+}; -+ -+struct aes_ctx { -+ TEEC_Context ctx; -+ TEEC_Session sess; -+}; -+ -+/* The function IDs implemented in the associated TA */ -+ -+/* -+ * TA_AES_CMD_SET_KEY - Allocate resources for the AES ciphering -+ * param[0] (value) Algorithmus -+ * param[1] (value) Key size -+ * param[2] (value) encryption mode (encrypt/decrypt) -+ * param[3] unused -+ */ -+#define TA_AES_CMD_PREPARE 0 -+ -+/* -+ * TA_AES_CMD_SET_KEY - Allocate resources for the AES ciphering -+ * param[0] (memref) key data, size shall equal key length -+ * param[1] unused -+ * param[2] unused -+ * param[3] unused -+ */ -+#define TA_AES_CMD_SET_KEY 1 -+ -+/* -+ * TA_AES_CMD_SET_IV - reset IV -+ * param[0] (memref) initial vector, size shall equal block length -+ * param[1] unused -+ * param[2] unused -+ * param[3] unused -+ */ -+#define TA_AES_CMD_SET_IV 2 -+ -+/* -+ * TA_AES_CMD_CIPHER - Cipher input buffer into output buffer -+ * param[0] (memref) input buffer -+ * param[1] (memref) output buffer (shall be bigger than input buffer) -+ * param[2] unused -+ * param[3] unused -+ */ -+#define TA_AES_CMD_CIPHER 3 -+ -+#define TA_AES_MODE_ENCODE 1 -+#define TA_AES_MODE_DECODE 0 -+ -+#define TA_AES_ALGO_CTR 2 -+ -+/* UUID of the TA */ -+#define TA_STM32MP_CRYP_UUID { 0xc2fad363, 0x5d9f, 0x4fc4, \ -+ { 0xa4, 0x17, 0x55, 0x58, 0x41, 0xe0, 0x57, 0x45 } } -+ ++/* ++ * Copyright 2023 Digi International Inc ++ * ++ * SPDX-License-Identifier: GPL-2.0+ ++ */ ++ ++#ifndef __TA_CCMP1_AES_H__ ++#define __TA_CCMP1_AES_H__ ++ ++/* ++ * AES is a stream cipher which works a block at a time, with each block ++ * in this case being AES_BLOCK_LENGTH bytes. ++ */ ++ ++enum { ++ AES_STATECOLS = 4, /* columns in the state & expanded key */ ++ AES128_KEYCOLS = 4, /* columns in a key for aes128 */ ++ AES192_KEYCOLS = 6, /* columns in a key for aes128 */ ++ AES256_KEYCOLS = 8, /* columns in a key for aes128 */ ++ AES128_ROUNDS = 10, /* rounds in encryption for aes128 */ ++ AES192_ROUNDS = 12, /* rounds in encryption for aes192 */ ++ AES256_ROUNDS = 14, /* rounds in encryption for aes256 */ ++ AES128_KEY_LENGTH = 128 / 8, ++ AES192_KEY_LENGTH = 192 / 8, ++ AES256_KEY_LENGTH = 256 / 8, ++ AES128_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES128_ROUNDS + 1), ++ AES192_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES192_ROUNDS + 1), ++ AES256_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES256_ROUNDS + 1), ++ AES_BLOCK_LENGTH = 128 / 8, ++}; ++ ++struct aes_ctx { ++ TEEC_Context ctx; ++ TEEC_Session sess; ++}; ++ ++/* The function IDs implemented in the associated TA */ ++ ++/* ++ * TA_AES_CMD_SET_KEY - Allocate resources for the AES ciphering ++ * param[0] (value) Algorithmus ++ * param[1] (value) Key size ++ * param[2] (value) encryption mode (encrypt/decrypt) ++ * param[3] unused ++ */ ++#define TA_AES_CMD_PREPARE 0 ++ ++/* ++ * TA_AES_CMD_SET_KEY - Allocate resources for the AES ciphering ++ * param[0] (memref) key data, size shall equal key length ++ * param[1] unused ++ * param[2] unused ++ * param[3] unused ++ */ ++#define TA_AES_CMD_SET_KEY 1 ++ ++/* ++ * TA_AES_CMD_SET_IV - reset IV ++ * param[0] (memref) initial vector, size shall equal block length ++ * param[1] unused ++ * param[2] unused ++ * param[3] unused ++ */ ++#define TA_AES_CMD_SET_IV 2 ++ ++/* ++ * TA_AES_CMD_CIPHER - Cipher input buffer into output buffer ++ * param[0] (memref) input buffer ++ * param[1] (memref) output buffer (shall be bigger than input buffer) ++ * param[2] unused ++ * param[3] unused ++ */ ++#define TA_AES_CMD_CIPHER 3 ++ ++#define TA_AES_MODE_ENCODE 1 ++#define TA_AES_MODE_DECODE 0 ++ ++#define TA_AES_ALGO_CTR 2 ++ ++/* UUID of the TA */ ++#define TA_STM32MP_CRYP_UUID { 0xc2fad363, 0x5d9f, 0x4fc4, \ ++ { 0xa4, 0x17, 0x55, 0x58, 0x41, 0xe0, 0x57, 0x45 } } ++ +#endif /* __TA_CCMP1_AES_H__ */ \ No newline at end of file diff --git a/src/tee.h b/src/tee.h @@ -2576,10 +2575,10 @@ index 0000000..b1e37ec + +#endif diff --git a/src/uboot_env.c b/src/uboot_env.c -index 86f9b9e..45b356f 100644 +index d507cac..aa33930 100644 --- a/src/uboot_env.c +++ b/src/uboot_env.c -@@ -41,6 +41,9 @@ +@@ -42,6 +42,9 @@ #include "md5.h" #include "uboot_private.h" @@ -2589,7 +2588,7 @@ index 86f9b9e..45b356f 100644 /* * The BLOB includes a random AES-256 key (32 bytes) and a * Message Authentication Code (MAC) (16 bytes) -@@ -972,7 +975,7 @@ static bool machine_is_compatible(char *machine) +@@ -1156,7 +1159,7 @@ static bool machine_is_compatible(char *machine) } #define MAX_HWID_WORDS 4 @@ -2598,7 +2597,7 @@ index 86f9b9e..45b356f 100644 { int i; int len; -@@ -1040,7 +1043,7 @@ static int env_caam_crypt(char *data, unsigned int size, const int enc) +@@ -1224,7 +1227,7 @@ static int env_caam_crypt(char *data, unsigned int size, const int enc) char *buffer; unsigned char key_modifier[16]; @@ -2607,7 +2606,7 @@ index 86f9b9e..45b356f 100644 if (ret) return ret; -@@ -1087,6 +1090,165 @@ free: +@@ -1271,6 +1274,165 @@ free: return ret; } @@ -2667,7 +2666,7 @@ index 86f9b9e..45b356f 100644 + TEEC_Result res; + + memset(&op, 0, sizeof(op)); -+ ++ + op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, + TEEC_NONE, TEEC_NONE, TEEC_NONE); + @@ -2773,7 +2772,7 @@ index 86f9b9e..45b356f 100644 int libuboot_env_store(struct uboot_ctx *ctx) { struct var_entry *entry; -@@ -1163,7 +1325,12 @@ int libuboot_env_store(struct uboot_ctx *ctx) +@@ -1347,7 +1509,12 @@ int libuboot_env_store(struct uboot_ctx *ctx) } if (ctx->encrypted) { @@ -2787,7 +2786,7 @@ index 86f9b9e..45b356f 100644 if (ret) { fprintf(stderr, "Error: can't encrypt env for flash\n"); -@@ -1237,7 +1404,12 @@ static int libuboot_load(struct uboot_ctx *ctx) +@@ -1420,7 +1587,12 @@ static int libuboot_load(struct uboot_ctx *ctx) crc = *(uint32_t *)(buf[i] + offsetcrc); dev->crc = crc32(0, (uint8_t *)data, usable_envsize); if (ctx->encrypted) { @@ -2801,6 +2800,3 @@ index 86f9b9e..45b356f 100644 if (ret) { fprintf(stderr, "Error: can't decrypt environment\n"); return ret; --- -2.34.1 -