[v2,0/4] Improve FIT signature handling

Simon Glass sjg at chromium.org
Mon May 4 14:27:15 CEST 2026


Hi Ludwig,

On 2026-04-30T12:25:59, Ludwig Nussel <ludwig.nussel at siemens.com> wrote:

> (optionally) enforce signatures so we can't accidentally boot
> unsigned fit images.

Thanks for tackling this - fail-open signature verification has bitten
people before, so making it opt-out is a good direction! A few
series-level points:

test/py/tests/test_vboot.py exercises FIT signing end-to-end; please
extend it to cover FIT_SIGNATURE_REQUIRED in both the success and
fail-closed paths (no keys in the control DT, unsigned config).
fit_all_configurations_verify() added in patch 4 should also get a
test, ideally driven through iminfo so the command path is covered
too. I wonder if we should enable the option for just one of sandbox /
sandbox_flattree?

Please update doc/usage/fit/signature.rst to describe
FIT_SIGNATURE_REQUIRED, what it changes, and the migration story for
boards relying on the fail-open behaviour. The QEMU change in patch 1
needs a note in doc/board/emulation/qemu-arm.rst too - the
CONFIG_OF_OMIT_DTB=n / CONFIG_OF_LIBFDT_OVERLAY=y pairing it needs is
not obvious.

Regards,
Simon

