[PATCH v3 0/4] Improve FIT signature handling
Ludwig Nussel
ludwig.nussel at siemens.com
Thu May 7 14:06:21 CEST 2026
This patch series tries to improve dealing with FIT
(configuration-)signatures a bit:
- make signatures work with QEMU. QEMU brings its own device tree at
  a memory address. U-Boot expects public keys in its own DT though.
  So merge both.
- (optionally) enforce signatures so we can't accidentally boot
  unsigned fit images. Quite an easy oversight, esp. when qemu
  previously didn't even use the built-in DT.
- make iminfo verify configuration signatures, not just image hashes
Changes in v3:
- enable CONFIG_OF_OMIT_DTB=n in defconfig
- add error returns
- document decision about dt merging direction
- make log_err use stdout too
- clarify error message when no keys were found
- change printfs to log_err
- reword Kconfig
- keep FIT_SIGNATURE_REQUIRED off by default
- use log_err instead of printf in fit_config_verify_required_keys()
- don't make iminfo fail unless FIT_SIGNATURE_REQUIRED is set
- update fit_all_configurations_verify documentation
- stub fit_all_configurations_verify unless FIT_SIGNATURES
Changes in v2:
- introduce FIT_SIGNATURE_REQUIRED
- document fit_all_configurations_verify()
Ludwig Nussel (4):
qemu: overlay signature nodes
mkimage: define log_err and log_info
image-fit-sig: Optionally require signatures
iminfo: also verify signatures
board/emulation/qemu-arm/qemu-arm.c | 50 ++++++++++++++++++++++++--
boot/Kconfig | 10 ++++++
boot/image-fit-sig.c | 22 +++++++-----
boot/image-fit.c | 54 +++++++++++++++++++++++++++++
boot/image-pre-load.c | 3 --
cmd/bootm.c | 7 ++++
configs/qemu_arm64_defconfig | 1 +
include/image.h | 8 +++++
tools/mkimage.h | 5 +++
9 files changed, 146 insertions(+), 14 deletions(-)
--
2.43.0
base-commit: 2829c6969cd1bd5380a090edbdcd69068be035eb
branch: us-qemu-signatures3