[PATCH v6 09/15] tools: fit_image_setup_sig: set required_keynode to -1
Raymond Mao
raymondmaoca at gmail.com
Mon May 25 17:12:41 CEST 2026
Hi Philippe,
On Mon, May 25, 2026 at 9:52 AM Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> When initializing info about a signature, set required_keynode
> to -1 instead of 0, as 0 is a valid keynode offset.
>
> Reviewed-by: Simon Glass <sjg at chromium.org>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> v5:
> - initial version
> v6:
> - no change
>
> tools/image-host.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/image-host.c b/tools/image-host.c
> index 8b550af0dc1..f5681d6c1f9 100644
> --- a/tools/image-host.c
> +++ b/tools/image-host.c
> @@ -198,6 +198,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
> info->checksum = image_get_checksum_algo(algo_name);
> info->crypto = image_get_crypto_algo(algo_name);
> info->padding = image_get_padding_algo(padding_name);
> + info->required_keynode = -1;
If 0 is regarded as valid, please update the function ecdsa_verify_hash().
Replace 'if (info->required_keynode > 0)' with 'if
(info->required_keynode >= 0)'.
Regards,
Raymond
> info->require_keys = require_keys;
> info->engine_id = engine_id;
> if (!info->checksum || !info->crypto) {
> --
> 2.43.0
>
More information about the U-Boot
mailing list