[PATCH v5 5/7] iminfo: also verify signatures
Simon Glass
sjg at chromium.org
Fri May 29 09:02:03 CEST 2026
Hi Ludwig,
On 2026-05-28T11:47:57, Ludwig Nussel <ludwig.nussel at siemens.com> wrote:
> iminfo: also verify signatures
>
> The iminfo command already verifies hashes of images. This change
> also verifies signatures of configurations if enabled.
> If FIT_REQUIRE_CONFIG_SIGS is enabled, iminfo also fails if
> signatures are missing.
>
> While at it print 'OK\n' in success case of fit_all_image_verify()
> too so iminfo output matches bootm. This will simplify the tests.
>
> Adjusts error output slightly to be on stderr
>
> Signed-off-by: Ludwig Nussel <ludwig.nussel at siemens.com>
>
> boot/image-fit.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> cmd/bootm.c | 8 ++++++++
> include/image.h | 8 ++++++++
> 3 files changed, 70 insertions(+), 1 deletion(-)
Reviewed-by: Simon Glass <sjg at chromium.org>
> diff --git a/cmd/bootm.c b/cmd/bootm.c
> @@ -329,6 +329,14 @@ static int image_info(ulong addr)
>
> fit_print_contents(hdr);
>
> + int ret = fit_all_configurations_verify(hdr);
> +
> + if (ret != 0 && (ret != -ENOENT ||
> + CONFIG_IS_ENABLED(FIT_REQUIRE_CONFIG_SIGS))) {
> + unmap_sysmem(hdr);
> + return 1;
> + }
> +
Please put decls at the top of the block.
Regards,
Simon
More information about the U-Boot
mailing list