[PATCH v2 2/2] tools/fit_check_sign: make key optional
Daniel Golle
daniel at makrotopia.org
Sun Mar 30 00:24:31 CET 2025
Allow invoking fit_check_sig without the key parameter, allowing to
validate only checksums and hashes for unsigned images.
Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
v2: check key_blob and only call munmap in case it had been mmap'ed before
tools/Makefile | 3 +--
tools/fit_check_sign.c | 19 +++++++++----------
2 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/tools/Makefile b/tools/Makefile
index 237fa900a24..8b984eb60dd 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -63,8 +63,7 @@ HOSTCFLAGS_img2srec.o := -pedantic
hostprogs-y += mkenvimage
mkenvimage-objs := mkenvimage.o os_support.o generated/lib/crc32.o
-hostprogs-y += dumpimage mkimage
-hostprogs-$(CONFIG_TOOLS_LIBCRYPTO) += fit_info fit_check_sign
+hostprogs-y += dumpimage mkimage fit_info fit_check_sign
hostprogs-$(CONFIG_TOOLS_LIBCRYPTO) += fdt_add_pubkey
ifneq ($(CONFIG_CMD_BOOTEFI_SELFTEST)$(CONFIG_FWU_MDATA_GPT_BLK),)
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 3d1d33fdab1..32d0fdb8829 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -45,7 +45,7 @@ int main(int argc, char **argv)
char *config_name = NULL;
char cmdname[256];
int ret;
- void *key_blob;
+ void *key_blob = NULL;
int c;
strncpy(cmdname, *argv, sizeof(cmdname) - 1);
@@ -70,18 +70,15 @@ int main(int argc, char **argv)
fprintf(stderr, "%s: Missing fdt file\n", *argv);
usage(*argv);
}
- if (!keyfile) {
- fprintf(stderr, "%s: Missing key file\n", *argv);
- usage(*argv);
- }
ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, true);
if (ffd < 0)
return EXIT_FAILURE;
- kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
- if (kfd < 0)
- return EXIT_FAILURE;
-
+ if (keyfile) {
+ kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
+ if (kfd < 0)
+ return EXIT_FAILURE;
+ }
image_set_host_blob(key_blob);
ret = fit_check_sign(fit_blob, key_blob, config_name);
if (!ret) {
@@ -93,7 +90,9 @@ int main(int argc, char **argv)
}
(void) munmap((void *)fit_blob, fsbuf.st_size);
- (void) munmap((void *)key_blob, ksbuf.st_size);
+
+ if (key_blob)
+ (void)munmap((void *)key_blob, ksbuf.st_size);
close(ffd);
close(kfd);
--
2.49.0
More information about the U-Boot
mailing list