[PATCH v3 4/4] iminfo: also verify signatures

[Simon Glass]

Hi Ludwig,

On Mon, 11 May 2026 at 05:25, Ludwig Nussel <ludwig.nussel at siemens.com> wrote:
>
> On 5/7/26 18:49, Simon Glass wrote:
> > [...]
> >> diff --git a/cmd/bootm.c b/cmd/bootm.c
> >> @@ -335,6 +335,13 @@ static int image_info(ulong addr)
> >> +             if (CONFIG_IS_ENABLED(FIT_SIGNATURE) &&
> >> +                 fit_all_configurations_verify(hdr) != 0) {
> >> +                     puts("Signature verification failed!\n");
> >> +                     unmap_sysmem(hdr);
> >> +                     return CONFIG_IS_ENABLED(FIT_SIGNATURE_REQUIRED) == 1;
> >> +             }
> >
> > A FIT with no /configurations node (an images-only FIT, which is
> > valid) makes fit_all_configurations_verify() return -ENOENT and log
> > 'Can't find configurations parent node' from inside the helper. That
> > ends up here as 'Signature verification failed!' which is misleading.
> > Please treat -ENOENT as 'nothing to do' in this caller, and don't
> > log_err inside the helper for that case.
>
> Ok, I can certainly omit the extra error message. What does 'nothing to
> do' mean when FIT_SIGNATURE_REQUIRED is enabled though? IMO images-only
> FITs are not acceptable in that case.
> Maybe renaming the option to FIT_CONF_SIGS_REQUIRED or so would make
> that more clear.

Yes that makes sense, perhaps FIT_REQUIRE_CONFIG_SIGS ?

Regards,
Simon