[PATCH v2 4/4] iminfo: also verify signatures
Ludwig Nussel
ludwig.nussel at siemens.com
Tue May 5 14:30:57 CEST 2026
On 5/4/26 14:26, Simon Glass wrote:
> On 2026-04-30T12:25:59, Ludwig Nussel <ludwig.nussel at siemens.com> wrote:
>>[...]
>> diff --git a/cmd/bootm.c b/cmd/bootm.c
>> @@ -335,6 +335,13 @@ static int image_info(ulong addr)
>> + if (CONFIG_IS_ENABLED(FIT_SIGNATURE_REQUIRED) &&
>> + fit_all_configurations_verify(hdr) != 0) {
>> + puts("Signature verification failed!\n");
>> + unmap_sysmem(hdr);
>> + return 1;
>> + }
>> +
>
> The subject says iminfo "also verifies signatures", but verification
> only runs when FIT_SIGNATURE_REQUIRED is set. I'd expect iminfo to
> attempt verification whenever FIT_SIGNATURE is enabled so the user
> sees the result, and only treat failure as fatal when REQUIRED is set
> - otherwise users on the legacy path lose the diagnostic value. What
> do you think?
Sure, sounds good.
cuLudwig
--
Ludwig Nussel
Siemens AG
www.siemens.com
More information about the U-Boot
mailing list