[PATCH v2 0/2] binman: properly error out if path provided to key-name-hint in signature nodes
Quentin Schulz
foss+uboot at 0leil.net
Fri Apr 18 13:26:06 CEST 2025
I misunderstood the documentation and put the signing key in a keys/
directory while setting key-name-hint property in the signature node and
u-boot-spl-pubkey-dtb to a path.
mkimage doesn't fail if it cannot find the public key when signing a
FIT but returns something on stderr to notify the user it couldn't find
the key. The issue is that bintool currently discards stderr if the
command successfully returns, so the FIT is not signed AND the user
isn't made aware of it unless the image is manually inspected.
mkimage does fail when trying to insert a public key in a DTB if it
isn't found but we can have a better error message.
Signed-off-by: Quentin Schulz <quentin.schulz at cherry.de>
---
Changes in v2:
- added tests,
- fixed typo in docstring,
- synced both error messages,
- Link to v1: https://lore.kernel.org/r/20250414-binman-pubkey-dir-v1-0-0784d54ac621@cherry.de
---
Quentin Schulz (2):
binman: etype: fit: raise ValueError if key-name-hint is a path
binman: etype: u_boot_spl_pubkey_dtb: provide more explicit error for key-name-hint with path
tools/binman/etype/fit.py | 3 +
tools/binman/etype/u_boot_spl_pubkey_dtb.py | 2 +
tools/binman/ftest.py | 25 ++++++
.../test/347_key_name_hint_dir_fit_signature.dts | 98 ++++++++++++++++++++++
.../test/348_key_name_hint_dir_spl_pubkey_dtb.dts | 16 ++++
5 files changed, 144 insertions(+)
---
base-commit: cb7555e93075114fe4af0adb806877ac4d4ef80d
change-id: 20250411-binman-pubkey-dir-48b886b17599
Best regards,
--
Quentin Schulz <quentin.schulz at cherry.de>
More information about the U-Boot
mailing list