[v3,0/4] Improve FIT signature handling

[Simon Glass]

Hi Ludwig,

On 2026-05-07T12:06:22, Ludwig Nussel <ludwig.nussel at siemens.com> wrote:

> (optionally) enforce signatures so we can't accidentally boot
> unsigned fit images.

Since you are adding a new policy knob (FIT_SIGNATURE_REQUIRED) and a
new verifier path (fit_all_configurations_verify()), please can you
add coverage in test/py/tests/test_vboot.py for both the
required-but-no-keys case and the iminfo signature path? Without tests
it is easy for a future change to silently regress the fail-closed
behaviour.

Regards,
Simon