[PATCH v4 0/6] Improve FIT signature handling

Ludwig Nussel ludwig.nussel at siemens.com
Wed May 13 16:08:10 CEST 2026 

This patch series tries to improve dealing with FIT
(configuration-)signatures a bit:
  - make signatures work with QEMU. QEMU brings it's own device tree at
    a memory address. U-Boot expects public keys in it's own DT though.
    So merge both.
  - (optionally) enforce signatures so we can't accidentally boot
    unsigned fit images. Quite an easy oversight, esp when qemu
    previously didn't even use the built in DT.
  - make iminfo verify configuration signatures, not just image hashes

The tests were created with the help of copilot and manual fixups. I
have to admit that the log output of those tests is not something I can
grok. I've left the tags copilot added in the commits even though
checkpatch complains. Not sure what the policy is.

Changes in v4:
- mention arm in subject
- correctly change defconfig
- fix and reword comment
- reword Kconfig help text
- rename option to FIT_REQUIRE_CONFIG_SIGS
- introduce SPL_FIT_REQUIRE_CONFIG_SIGS
- test CONFIG_FIT_REQUIRE_CONFIG_SIGS in test_vboot
- set CONFIG_FIT_REQUIRE_CONFIG_SIGS in sandbox_defconfig
- fix documentation to use kdoc style
- test iminfo in test_vboot

Changes in v3:
- enable CONFIG_OF_OMIT_DTB=n in defconfig
- add error returns
- document decission about dt merging direction
- make log_err use stdout too
- clarify error message when no keys were found
- change printfs to log_err
- reword Kconfig
- keep FIT_SIGNATURE_REQUIRED off by default
- use log_err instead of printf in fit_config_verify_required_keys()
- don't make iminfo fail unless FIT_SIGNATURE_REQUIRED is set
- update fit_all_configurations_verify documentation
- stub fit_all_configurations_verify unless FIT_SIGNATURES

Changes in v2:
- introduce FIT_SIGNATURE_REQUIRED
- document fit_all_configurations_verify()

Ludwig Nussel (6):
  qemu-arm: merge built-in DT
  mkimage: define log_err and log_info
  image-fit-sig: Optionally require signatures
  test: vboot: handle CONFIG_FIT_REQUIRE_CONFIG_SIGS in test_vboot
  iminfo: also verify signatures
  test: vboot: add iminfo checks for config signature verification

 board/emulation/qemu-arm/qemu-arm.c |  47 ++++++++++++-
 boot/Kconfig                        |  22 ++++++
 boot/image-fit-sig.c                |  22 +++---
 boot/image-fit.c                    |  53 ++++++++++++++
 boot/image-pre-load.c               |   3 -
 cmd/bootm.c                         |  10 +++
 configs/qemu_arm64_defconfig        |   1 +
 configs/sandbox_defconfig           |   1 +
 include/image.h                     |   8 +++
 test/py/tests/test_vboot.py         | 105 ++++++++++++++++++++++++----
 tools/mkimage.h                     |   6 ++
 11 files changed, 253 insertions(+), 25 deletions(-)

-- 
2.43.0

base-commit: 47dc2c9f758a82bdc98572d7afbf61e5870f0b5d
branch: us-qemu-signatures4

More information about the U-Boot mailing list