thesofproject · lgirdwood · May 29, 2026 · May 29, 2026 · May 29, 2026 · May 29, 2026
@@ -12,6 +12,7 @@
 #include <unistd.h>
 #include <errno.h>
 #include <string.h>
+#include <stdbool.h>
 #include <time.h>
 #include <sys/time.h>
 
@@ -26,6 +27,29 @@
 #include <rimage/misc_utils.h>
 #include <rimage/hash.h>
 
+static bool cse_header_is_valid(const struct image *image, const void *buffer, size_t size)
+{
+	if (image->adsp->man_v2_5 || image->adsp->man_ace_v1_5) {
+		const struct CsePartitionDirHeader_v2_5 *cse_hdr = buffer;
+
+		return cse_hdr->header_marker == CSE_HEADER_MAKER &&
+			cse_hdr->nb_entries == MAN_CSE_PARTS &&
+			cse_hdr->header_length >= sizeof(*cse_hdr) &&
+			size >= sizeof(*cse_hdr);
+	}
+
+	if (image->adsp->man_v1_5 || image->adsp->man_v1_8) {
+		const struct CsePartitionDirHeader *cse_hdr = buffer;
+
+		return cse_hdr->header_marker == CSE_HEADER_MAKER &&
+			cse_hdr->nb_entries == MAN_CSE_PARTS &&
+			cse_hdr->header_length >= sizeof(*cse_hdr) &&
+			size >= sizeof(*cse_hdr);
+	}
+
+	return false;
+}
+
 static int man_open_rom_file(struct image *image)
 {
 	uint32_t size;
@@ -1630,7 +1654,7 @@ int man_write_fw_ace_v1_5(struct image *image)
 int verify_image(struct image *image)
 {
 	FILE *in_file;
-	int ret;
+	int ret = -EINVAL;
 	void *buffer;
 	size_t size, read, i;
 
@@ -1666,7 +1690,7 @@ int verify_image(struct image *image)
 	}
 	for (i = 0; i < size; i += sizeof(uint32_t)) {
 		/* find CSE header marker "$CPD" */
-		if (*(uint32_t *)(buffer + i) == CSE_HEADER_MAKER) {
+		if (cse_header_is_valid(image, buffer + i, size - i)) {
 			image->fw_image = buffer + i;
 			ret = image->adsp->verify_firmware(image);
 			goto out;
@@ -1677,8 +1701,9 @@ int verify_image(struct image *image)
 	fprintf(stderr, "error: could not find valid CSE header $CPD in %s\n",
 		image->verify_file);
 out:
+	free(buffer);
 	fclose(in_file);
-	return 0;
+	return ret;
 }
 
 
@@ -1719,7 +1744,7 @@ int resign_image(struct image *image)
 
 	for (i = 0; i < size; i += sizeof(uint32_t)) {
 		/* find CSE header marker "$CPD" */
-		if (*(uint32_t *)(buffer + i) == CSE_HEADER_MAKER) {
+		if (cse_header_is_valid(image, buffer + i, size - i)) {
 			image->fw_image = buffer + i;
 			break;
 		}
@@ -1781,7 +1806,22 @@ int resign_image(struct image *image)
 		goto out;
 	}
 
-	man_write_fw_mod(image);
+	ret = man_write_fw_mod(image);
+	if (ret < 0)
+		goto out;
+
+	if (fclose(image->out_fd)) {
+		ret = file_error("unable to close file after signing", image->out_file);
+		goto out;
+	}
+	image->out_fd = NULL;
+
+	/* validate the re-signed output with the same private key */
+	image->verify_file = image->out_file;
+	ret = verify_image(image);
+	image->verify_file = NULL;
+	if (ret < 0)
+		unlink(image->out_file);
 
 out:
 	free(buffer);

@@ -33,7 +33,7 @@ static void usage(char *name)
 	fprintf(stdout, "\t -e build extended manifest\n");
 	fprintf(stdout, "\t -l build loadable modules image (don't treat the first module as a bootloader)\n");
 	fprintf(stdout, "\t -y verify signed file\n");
-	fprintf(stdout, "\t -q resign binary\n");
+	fprintf(stdout, "\t -q resign binary from infile and validate the output signature\n");
 	fprintf(stdout, "\t -p set PV bit\n");
 	fprintf(stdout, "\t -d ignore detached sections\n");
 	fprintf(stdout, "\t -Q, --quiet suppress informational stdout logs\n");
@@ -144,6 +144,11 @@ int main(int argc, char *argv[])
 		return -EINVAL;
 	}
 
+	if (image.in_file && image.verify_file) {
+		fprintf(stderr, "error: resign and verify modes are mutually exclusive\n");
+		return -EINVAL;
+	}
+
 	/* firmware version: major.minor.micro */
 	if (image.fw_ver_string) {
 		ret = sscanf(image.fw_ver_string, "%hu.%hu.%hu",