[PATCH v3 4/4] iminfo: also verify signatures
Ludwig Nussel
ludwig.nussel at siemens.com
Mon May 11 13:25:48 CEST 2026
On 5/7/26 18:49, Simon Glass wrote:
> [...]
>> diff --git a/cmd/bootm.c b/cmd/bootm.c
>> @@ -335,6 +335,13 @@ static int image_info(ulong addr)
>> + if (CONFIG_IS_ENABLED(FIT_SIGNATURE) &&
>> + fit_all_configurations_verify(hdr) != 0) {
>> + puts("Signature verification failed!\n");
>> + unmap_sysmem(hdr);
>> + return CONFIG_IS_ENABLED(FIT_SIGNATURE_REQUIRED) == 1;
>> + }
>
> A FIT with no /configurations node (an images-only FIT, which is
> valid) makes fit_all_configurations_verify() return -ENOENT and log
> 'Can't find configurations parent node' from inside the helper. That
> ends up here as 'Signature verification failed!' which is misleading.
> Please treat -ENOENT as 'nothing to do' in this caller, and don't
> log_err inside the helper for that case.
Ok, I can certainly omit the extra error message. What does 'nothing to
do' mean when FIT_SIGNATURE_REQUIRED is enabled though? IMO images-only
FITs are not acceptable in that case.
Maybe renaming the option to FIT_CONF_SIGS_REQUIRED or so would make
that more clear.
--
Ludwig Nussel
Siemens AG
www.siemens.com
More information about the U-Boot
mailing list