[PATCH 4/4] image-fit-sig: require signatures

[Ludwig Nussel]

Signature nodes in the device tree are mandatory if u-boot is compiled
with signature verification. Allowing signature verification to pass
if those nodes are missing would leave the system fail open.

Signed-off-by: Ludwig Nussel <ludwig.nussel at siemens.com>
---

 boot/image-fit-sig.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index 433df20281f..b89b82ee58e 100644
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -618,7 +618,6 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset,
 	int noffset;
 	int key_node;
 	int verified = 0;
-	int reqd_sigs = 0;
 	bool reqd_policy_all = true;
 	const char *reqd_mode;
 
@@ -639,9 +638,8 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset,
 	/* Work out what we need to verify */
 	key_node = fdt_subnode_offset(key_blob, 0, FIT_SIG_NODENAME);
 	if (key_node < 0) {
-		debug("%s: No signature node found: %s\n", __func__,
-		      fdt_strerror(key_node));
-		return 0;
+		log_err("No signature node found: %s\n", fdt_strerror(key_node));
+		return -EPERM;
 	}
 
 	/* Get required-mode policy property from DTB */
@@ -668,8 +666,6 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset,
 		if (!required || strcmp(required, "conf"))
 			continue;
 
-		reqd_sigs++;
-
 		ret = fit_config_verify_key(fit, conf_noffset, key_blob,
 					    noffset);
 		if (ret) {
@@ -685,8 +681,8 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset,
 		}
 	}
 
-	if (reqd_sigs && !verified) {
-		printf("Failed to verify 'any' of the required signature(s)\n");
+	if (!verified) {
+		log_err("Failed to verify 'any' of the required signature(s)\n");
 		return -EPERM;
 	}
 
-- 
2.43.0

base-commit: 9f61fd5b80a43ae20ba115e3a2933d47d720ab82
branch: us-qemu-signatures