390e00355e
Add fit-check-sign package which allows validating a uImage.FIT. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
70 lines
2.4 KiB
Diff
70 lines
2.4 KiB
Diff
From patchwork Sat Mar 29 03:12:50 2025
|
|
Content-Type: text/plain; charset="utf-8"
|
|
MIME-Version: 1.0
|
|
Content-Transfer-Encoding: 7bit
|
|
X-Patchwork-Submitter: Daniel Golle <daniel@makrotopia.org>
|
|
X-Patchwork-Id: 2066664
|
|
Return-Path: <u-boot-bounces@lists.denx.de>
|
|
X-Original-To: incoming@patchwork.ozlabs.org
|
|
Delivered-To: patchwork-incoming@legolas.ozlabs.org
|
|
Date: Sat, 29 Mar 2025 03:12:50 +0000
|
|
From: Daniel Golle <daniel@makrotopia.org>
|
|
To: Tom Rini <trini@konsulko.com>, Simon Glass <sjg@chromium.org>,
|
|
Chia-Wei Wang <chiawei_wang@aspeedtech.com>, u-boot@lists.denx.de
|
|
Cc: Thomas =?iso-8859-1?q?H=FChn?= <thomas.huehn@hs-nordhausen.de>
|
|
Subject: [PATCH 1/2] image-fit-sig: skip in tools build if key is missing
|
|
Message-ID:
|
|
<bf6a90e864b713db41bf788797554649eeaa0732.1743217745.git.daniel@makrotopia.org>
|
|
MIME-Version: 1.0
|
|
Content-Disposition: inline
|
|
X-BeenThere: u-boot@lists.denx.de
|
|
X-Mailman-Version: 2.1.39
|
|
Precedence: list
|
|
List-Id: U-Boot discussion <u-boot.lists.denx.de>
|
|
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
|
|
<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
|
|
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
|
|
List-Post: <mailto:u-boot@lists.denx.de>
|
|
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
|
|
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
|
|
<mailto:u-boot-request@lists.denx.de?subject=subscribe>
|
|
Errors-To: u-boot-bounces@lists.denx.de
|
|
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
|
|
|
|
Skip signature verification in case no public key was given in order to
|
|
allow using fit_check_sign also to validate uImage.FIT images without
|
|
signatures. Guarded by USE_HOSTCC macro the behavior on target is
|
|
unchanged.
|
|
|
|
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
---
|
|
boot/image-fit-sig.c | 10 ++++++++++
|
|
1 file changed, 10 insertions(+)
|
|
|
|
--- a/boot/image-fit-sig.c
|
|
+++ b/boot/image-fit-sig.c
|
|
@@ -191,6 +191,11 @@ int fit_image_verify_required_sigs(const
|
|
int noffset;
|
|
int key_node;
|
|
|
|
+#ifdef USE_HOSTCC
|
|
+ if (!key_blob)
|
|
+ return 0;
|
|
+#endif
|
|
+
|
|
/* Work out what we need to verify */
|
|
*no_sigsp = 1;
|
|
key_node = fdt_subnode_offset(key_blob, 0, FIT_SIG_NODENAME);
|
|
@@ -477,6 +482,11 @@ static int fit_config_verify_required_ke
|
|
bool reqd_policy_all = true;
|
|
const char *reqd_mode;
|
|
|
|
+#ifdef USE_HOSTCC
|
|
+ if (!key_blob)
|
|
+ return 0;
|
|
+#endif
|
|
+
|
|
/*
|
|
* We don't support this since libfdt considers names with the
|
|
* name root but different @ suffix to be equal
|