From patchwork Sat Mar 29 03:12:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Golle X-Patchwork-Id: 2066664 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Date: Sat, 29 Mar 2025 03:12:50 +0000 From: Daniel Golle To: Tom Rini , Simon Glass , Chia-Wei Wang , u-boot@lists.denx.de Cc: Thomas =?iso-8859-1?q?H=FChn?= Subject: [PATCH 1/2] image-fit-sig: skip in tools build if key is missing Message-ID: MIME-Version: 1.0 Content-Disposition: inline X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Skip signature verification in case no public key was given in order to allow using fit_check_sign also to validate uImage.FIT images without signatures. Guarded by USE_HOSTCC macro the behavior on target is unchanged. Signed-off-by: Daniel Golle --- boot/image-fit-sig.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/boot/image-fit-sig.c +++ b/boot/image-fit-sig.c @@ -191,6 +191,11 @@ int fit_image_verify_required_sigs(const int noffset; int key_node; +#ifdef USE_HOSTCC + if (!key_blob) + return 0; +#endif + /* Work out what we need to verify */ *no_sigsp = 1; key_node = fdt_subnode_offset(key_blob, 0, FIT_SIG_NODENAME); @@ -477,6 +482,11 @@ static int fit_config_verify_required_ke bool reqd_policy_all = true; const char *reqd_mode; +#ifdef USE_HOSTCC + if (!key_blob) + return 0; +#endif + /* * We don't support this since libfdt considers names with the * name root but different @ suffix to be equal