[PATCH v2 0/2] binman: properly error out if path provided to key-name-hint in signature nodes
Tom Rini
trini at konsulko.com
Tue Jul 1 20:40:35 CEST 2025
On Fri, 18 Apr 2025 13:26:06 +0200, Quentin Schulz wrote:
> I misunderstood the documentation and put the signing key in a keys/
> directory while setting key-name-hint property in the signature node and
> u-boot-spl-pubkey-dtb to a path.
>
> mkimage doesn't fail if it cannot find the public key when signing a
> FIT but returns something on stderr to notify the user it couldn't find
> the key. The issue is that bintool currently discards stderr if the
> command successfully returns, so the FIT is not signed AND the user
> isn't made aware of it unless the image is manually inspected.
>
> [...]
Applied to u-boot/next, thanks!
[1/2] binman: etype: fit: raise ValueError if key-name-hint is a path
commit: 2ddc47f9aa0581a907dd07cb4468ef6d4f3519dc
[2/2] binman: etype: u_boot_spl_pubkey_dtb: provide more explicit error for key-name-hint with path
commit: 4e7e0ebcf59794b97542bb6b3d1e0a0fefa145f2
--
Tom
More information about the U-Boot
mailing list