[PATCH v2 2/2] tools/fit_check_sign: make key optional

Daniel Golle daniel at makrotopia.org
Sun Mar 30 00:24:31 CET 2025


Allow invoking fit_check_sig without the key parameter, allowing to
validate only checksums and hashes for unsigned images.

Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
v2: check key_blob and only call munmap in case it had been mmap'ed before

 tools/Makefile         |  3 +--
 tools/fit_check_sign.c | 19 +++++++++----------
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/tools/Makefile b/tools/Makefile
index 237fa900a24..8b984eb60dd 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -63,8 +63,7 @@ HOSTCFLAGS_img2srec.o := -pedantic
 hostprogs-y += mkenvimage
 mkenvimage-objs := mkenvimage.o os_support.o generated/lib/crc32.o
 
-hostprogs-y += dumpimage mkimage
-hostprogs-$(CONFIG_TOOLS_LIBCRYPTO) += fit_info fit_check_sign
+hostprogs-y += dumpimage mkimage fit_info fit_check_sign
 hostprogs-$(CONFIG_TOOLS_LIBCRYPTO) += fdt_add_pubkey
 
 ifneq ($(CONFIG_CMD_BOOTEFI_SELFTEST)$(CONFIG_FWU_MDATA_GPT_BLK),)
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 3d1d33fdab1..32d0fdb8829 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -45,7 +45,7 @@ int main(int argc, char **argv)
 	char *config_name = NULL;
 	char cmdname[256];
 	int ret;
-	void *key_blob;
+	void *key_blob = NULL;
 	int c;
 
 	strncpy(cmdname, *argv, sizeof(cmdname) - 1);
@@ -70,18 +70,15 @@ int main(int argc, char **argv)
 		fprintf(stderr, "%s: Missing fdt file\n", *argv);
 		usage(*argv);
 	}
-	if (!keyfile) {
-		fprintf(stderr, "%s: Missing key file\n", *argv);
-		usage(*argv);
-	}
 
 	ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, true);
 	if (ffd < 0)
 		return EXIT_FAILURE;
-	kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
-	if (kfd < 0)
-		return EXIT_FAILURE;
-
+	if (keyfile) {
+		kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
+		if (kfd < 0)
+			return EXIT_FAILURE;
+	}
 	image_set_host_blob(key_blob);
 	ret = fit_check_sign(fit_blob, key_blob, config_name);
 	if (!ret) {
@@ -93,7 +90,9 @@ int main(int argc, char **argv)
 	}
 
 	(void) munmap((void *)fit_blob, fsbuf.st_size);
-	(void) munmap((void *)key_blob, ksbuf.st_size);
+
+	if (key_blob)
+		(void)munmap((void *)key_blob, ksbuf.st_size);
 
 	close(ffd);
 	close(kfd);
-- 
2.49.0


More information about the U-Boot mailing list