[PATCH v2 0/4] Improve FIT signature handling
Ludwig Nussel
ludwig.nussel at siemens.com
Thu Apr 30 14:25:59 CEST 2026
This patch series tries to improve dealing with FIT
(configuration-)signatures a bit:
- make signatures work with QEMU. QEMU brings it's own device tree at
a memory address. U-Boot expects public keys in it's own DT though.
So merge both.
- (optionally) enforce signatures so we can't accidentally boot
unsigned fit images. Quite an easy oversight, esp when qemu
previously didn't even use the built in DT.
- make iminfo verify configuration signatures, not just image hashes
Changes in v2:
- introduce FIT_SIGNATURE_REQUIRED
- document fit_all_configurations_verify()
Ludwig Nussel (4):
qemu: overlay signature nodes
mkimage: define log_err and log_info
image-fit-sig: Optionally require signatures
iminfo: also verify signatures
board/emulation/qemu-arm/qemu-arm.c | 33 +++++++++++++++++++-
boot/Kconfig | 10 ++++++
boot/image-fit-sig.c | 12 +++++---
boot/image-fit.c | 48 +++++++++++++++++++++++++++++
boot/image-pre-load.c | 3 --
cmd/bootm.c | 7 +++++
include/image.h | 1 +
tools/mkimage.h | 2 ++
8 files changed, 107 insertions(+), 9 deletions(-)
--
2.43.0
base-commit: 70cb0b8232246c5157802cc26536258a1a446603
branch: us-qemu-signatures2
More information about the U-Boot
mailing list