[PATCH 4/4] image-fit-sig: require signatures
Ludwig Nussel
ludwig.nussel at siemens.com
Tue Apr 28 10:21:02 CEST 2026
On 4/27/26 18:02, Quentin Schulz wrote:
> On 4/27/26 5:03 PM, Ludwig Nussel wrote:
>> Signature nodes in the device tree are mandatory if u-boot is compiled
>> with signature verification. Allowing signature verification to pass
>
> First, it's not enforced at build time and cannot, as it depends on the
> binman FDT node to be properly configured. But we cannot do that,
> because we don't know the user setup.
>
> You can (mis)configure U-Boot to do signature verification but forget to
> add the signature to the SPL/proper DTB. Then it'll do nothing of
> course. To be fair, I got bit by that very mistake recently so maybe
> there's something to improve there indeed.
>
>> if those nodes are missing would leave the system fail open.
>>
>
> Yeah but why would they be missing in the first place? It's not like
> this is something you can modify if part of a secure boot. The DTB of
> stage 1 is used to verify FIT from stage 2. You need to trust DTB of
> stage 1 (by verifying it with stage 0, etc.) otherwise I can also simply
> just change the public key in there.

The reason the keys might be missing in the DTB would be mostly
mistakes. Oversight during rebase, some packaging mistake, etc. BTDT,
constantly fighting my own fat fingers :-)

cu
Ludwig
--
Ludwig Nussel
Siemens AG
www.siemens.com
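
A release-pipeline check for the mistake discussed above (a control DTB shipped without its signature nodes), as an added example that is not part of this thread or of U-Boot's code: it parses a flattened device tree and lists the subnodes of /signature whose "required" property is "conf" or "image", so a build can be rejected when the list is empty. The function names, the key name key-dev and both sample blobs are constructed for illustration.

```python
import struct
MAGIC, BEGIN, END_NODE, PROP, NOP, END = 0xD00DFEED, 1, 2, 3, 4, 9

def fdt_props(blob):
    """Walk the DTB structure block; return {node_path: {prop: raw_bytes}}."""
    magic, _, off_struct, off_strings = struct.unpack_from(">4I", blob, 0)
    if magic != MAGIC:
        raise ValueError("not a flattened device tree")
    nodes, path, pos = {}, [], off_struct
    while True:
        (token,), pos = struct.unpack_from(">I", blob, pos), pos + 4
        if token == BEGIN:
            end = blob.index(b"\0", pos)
            path.append(blob[pos:end].decode())
            nodes["/" + "/".join(path[1:])] = {}
            pos = (end + 4) & ~3  # skip name and NUL, realign to 4 bytes
        elif token == PROP:
            size, nameoff = struct.unpack_from(">2I", blob, pos)
            name = blob[off_strings + nameoff:].split(b"\0", 1)[0].decode()
            nodes["/" + "/".join(path[1:])][name] = blob[pos + 8:pos + 8 + size]
            pos = (pos + 8 + size + 3) & ~3  # skip header and padded value
        elif token == END_NODE:
            path.pop()
        elif token == END:
            return nodes
        elif token != NOP:
            raise ValueError("unknown FDT token %d" % token)

def required_keys(blob):
    """Subnodes of /signature whose 'required' property is "conf" or "image"."""
    return [p.rpartition("/")[2] for p, props in fdt_props(blob).items()
            if p.rpartition("/")[0] == "/signature"
            and props.get("required", b"").rstrip(b"\0") in (b"conf", b"image")]

def build_dtb(root):  # hypothetical helper: serialises the constructed samples
    strtab = bytearray()
    def node(name, body):
        out = struct.pack(">I", BEGIN) + name.encode() + b"\0" * (4 - len(name) % 4)
        for key, val in body.items():
            if isinstance(val, dict):
                out += node(key, val)
            else:
                out += struct.pack(">3I", PROP, len(val), len(strtab)) + val + b"\0" * (-len(val) % 4)
                strtab.extend(key.encode() + b"\0")
        return out + struct.pack(">I", END_NODE)
    st = node("", root) + struct.pack(">I", END)
    hdr = struct.pack(">10I", MAGIC, 56 + len(st) + len(strtab), 56, 56 + len(st), 40, 17, 16, 0, len(strtab), len(st))
    return hdr + bytes(16) + st + bytes(strtab)
# Constructed sample blobs: one with a required key, one with no /signature node.
SIGNED = build_dtb({"signature": {"key-dev": {"required": b"conf\0", "algo": b"sha256,rsa2048\0"}}})
UNSIGNED = build_dtb({"model": b"constructed board\0"})
```

In a build job, read the final SPL or U-Boot proper DTB from disk, pass its bytes to required_keys, and fail the job when the result is empty.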