[PATCH 2/4] iminfo: also verify signatures

Ludwig Nussel ludwig.nussel at siemens.com
Mon Apr 27 17:03:39 CEST 2026


The iminfo command already verifies the hashes of images. This change
additionally verifies the signatures of configurations when FIT signature
verification is enabled.

Signed-off-by: Ludwig Nussel <ludwig.nussel at siemens.com>
---

 boot/image-fit.c | 36 ++++++++++++++++++++++++++++++++++++
 cmd/bootm.c      |  7 +++++++
 include/image.h  |  1 +
 3 files changed, 44 insertions(+)

diff --git a/boot/image-fit.c b/boot/image-fit.c
index 2d2709aa5b1..b2c6db79edb 100644
--- a/boot/image-fit.c
+++ b/boot/image-fit.c
@@ -1512,6 +1512,42 @@ int fit_all_image_verify(const void *fit)
 	return 1;
 }
 
+int fit_all_configurations_verify(const void *fit)
+{
+	int confs_noffset;
+	int noffset;
+	int r = -ENOENT;
+
+	/* Find images parent node offset */
+	confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
+	if (confs_noffset < 0) {
+		printf("Can't find configurations parent node '%s' (%s)\n",
+		       FIT_IMAGES_PATH, fdt_strerror(confs_noffset));
+		return confs_noffset;
+	}
+
+	/* Process all config subnodes, check hashes for each */
+	printf("## Checking signatures for FIT Image at %08lx ...\n",
+	       (ulong)fit);
+
+	fdt_for_each_subnode(noffset, fit, confs_noffset) {
+		int ret;
+
+		printf("%s ... ", fit_get_name(fit, noffset, NULL));
+		ret = fit_config_verify(fit, noffset);
+		if (ret) {
+			r = ret;
+			continue;
+		}
+		/* at least one correct config */
+		if (r == -ENOENT)
+			r = 0;
+		puts("OK\n");
+	}
+
+	return r;
+}
+
 static int fit_image_uncipher(const void *fit, int image_noffset,
 			      void **data, size_t *size)
 {
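Review bot: Using `-ENOENT` in `r` as the "nothing verified yet" marker lets a failure be overwritten: if fit_config_verify (defined outside this patch) ever returns -ENOENT for one configuration, `r` is back at the sentinel and the next configuration that verifies sets it to 0, so the function reports success although a configuration failed. Tracking the error and the number of visited subnodes separately removes that dependency on the callee's error codes; a sketch follows. The error message in the `confs_noffset < 0` branch also prints `FIT_IMAGES_PATH` where the lookup used `FIT_CONFS_PATH`, and the comments `Find images parent node offset` and `check hashes for each` still describe the image variant. On the failure path nothing is printed after the `"%s ... "` prefix, so unless the callee ends the line itself the next name continues on it.

```c
	int err = 0;
	int count = 0;

	/* … unchanged: configurations node lookup and banner … */

	fdt_for_each_subnode(noffset, fit, confs_noffset) {
		int ret;

		count++;
		/* … unchanged: name print and fit_config_verify() call … */
		if (ret) {
			/* keep the first failure; a later success must not clear it */
			if (!err)
				err = ret;
			continue;
		}
		puts("OK\n");
	}

	if (err)
		return err;

	/* no configuration subnode at all is reported as -ENOENT */
	return count ? 0 : -ENOENT;
```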
diff --git a/cmd/bootm.c b/cmd/bootm.c
index ca7cec91fad..2faa9648c46 100644
--- a/cmd/bootm.c
+++ b/cmd/bootm.c
@@ -335,6 +335,13 @@ static int image_info(ulong addr)
 			return 1;
 		}
 
+		if (CONFIG_IS_ENABLED(FIT_SIGNATURE) &&
+		    fit_all_configurations_verify(hdr) != 0) {
+			puts("Signature verification failed!\n");
+			unmap_sysmem(hdr);
+			return 1;
+		}
+
 		unmap_sysmem(hdr);
 		return 0;
 #endif
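Review bot: Every non-zero return from fit_all_configurations_verify is reported as `Signature verification failed!`, which, going by the function added in boot/image-fit.c, includes -ENOENT for a FIT with no configuration subnodes and the libfdt error for a missing configurations node; on FIT_SIGNATURE builds iminfo then returns 1 for such an image without any signature having been rejected. Distinguishing that case in the message, or deciding explicitly that it is a failure and saying so in a comment such as `/* a FIT without configurations cannot be signature-checked: treat as failure */`, would make the output unambiguous. The silent success path deserves the same care: what "verified" means here is whatever fit_config_verify enforces against the keys U-Boot holds, which is not visible in this patch, so a short comment above the call stating that would keep readers from treating an iminfo pass as stronger than it is. image_info's body starts and ends outside the hunk.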
diff --git a/include/image.h b/include/image.h
index 34efac6056d..7948090f6e0 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1355,6 +1355,7 @@ static inline int fit_config_verify(const void *fit, int conf_noffset)
 }
 #endif
 int fit_all_image_verify(const void *fit);
+int fit_all_configurations_verify(const void *fit);
 int fit_config_decrypt(const void *fit, int conf_noffset);
 int fit_image_check_os(const void *fit, int noffset, uint8_t os);
 int fit_image_check_arch(const void *fit, int noffset, uint8_t arch);
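Review bot: The new prototype is exported without a comment, and its return contract is not obvious from the name: from the definition in boot/image-fit.c it returns 0 only when every configuration subnode verifies, -ENOENT when there are none, a libfdt error when the configurations node is missing, and otherwise the error of a failing configuration. A kernel-doc block above `int fit_all_configurations_verify(const void *fit);` giving `@fit` and those return values would document it. It should also say that the result is meaningful only when FIT_SIGNATURE is enabled, since the context lines above suggest fit_config_verify has an inline variant for other builds whose return value is not shown here.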
-- 
2.43.0

base-commit: 9f61fd5b80a43ae20ba115e3a2933d47d720ab82
branch: us-qemu-signatures

