[PATCH 1/2] image-fit-sig: skip in tools build if key is missing
Daniel Golle
daniel at makrotopia.org
Sat Mar 29 04:12:50 CET 2025
Skip signature verification in case no public key was given in order to
allow using fit_check_sign also to validate uImage.FIT images without
signatures. Guarded by USE_HOSTCC macro the behavior on target is
unchanged.
Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
boot/image-fit-sig.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index a121de60ae2..f23e9d5d0b0 100644
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -191,6 +191,11 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
int noffset;
int key_node;
+#ifdef USE_HOSTCC
+ if (!key_blob)
+ return 0;
+#endif
+
/* Work out what we need to verify */
*no_sigsp = 1;
key_node = fdt_subnode_offset(key_blob, 0, FIT_SIG_NODENAME);
@@ -477,6 +482,11 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset,
bool reqd_policy_all = true;
const char *reqd_mode;
+#ifdef USE_HOSTCC
+ if (!key_blob)
+ return 0;
+#endif
+
/*
* We don't support this since libfdt considers names with the
* name root but different @ suffix to be equal
--
2.49.0
More information about the U-Boot
mailing list