The keys trusted for FIT signature verification are supposed to be embedded in the device tree built into u-boot. When running in Qemu it's convenient to use the device tree provided by the VM which doesn't know about signatures though. So merge the signature nodes at run time. Needs CONFIG_OF_OMIT_DTB=n CONFIG_OF_LIBFDT_OVERLAY=y Signed-off-by: Ludwig Nussel <ludwig.nussel@siemens.com> --- board/emulation/qemu-arm/qemu-arm.c | 30 ++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/board/emulation/qemu-arm/qemu-arm.c b/board/emulation/qemu-arm/qemu-arm.c index 38f0ec5f2fb..54f891dc37c 100644 --- a/board/emulation/qemu-arm/qemu-arm.c +++ b/board/emulation/qemu-arm/qemu-arm.c @@ -147,7 +147,35 @@ int dram_init_banksize(void) int board_fdt_blob_setup(void **fdtp) { /* QEMU loads a generated DTB for us at the start of RAM. */ - *fdtp = (void *)CFG_SYS_SDRAM_BASE; + void *qemu_fdt = (void *)CFG_SYS_SDRAM_BASE; + + if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && CONFIG_IS_ENABLED(OF_LIBFDT_OVERLAY) && *fdtp) { + int node; + + node = fdt_subnode_offset(*fdtp, 0, FIT_SIG_NODENAME); + if (node > 0) { + int ret; + int nnode; + + log_info("found signature node in previous dt at %p, merging ...\n", *fdtp); + + nnode = fdt_add_subnode(qemu_fdt, 0, FIT_SIG_NODENAME); + if (nnode == -FDT_ERR_EXISTS) { + nnode = fdt_subnode_offset(qemu_fdt, 0, FIT_SIG_NODENAME); + if (nnode == -FDT_ERR_NOTFOUND) + return -FDT_ERR_INTERNAL; + } + + if (nnode < 0) + return nnode; + + ret = fdt_overlay_apply_node(qemu_fdt, nnode, (void *)*fdtp, node); + if (ret < 0) + log_err("Failed to apply overlay: %d\n", ret); + } + } + + *fdtp = qemu_fdt; return 0; } -- 2.34.1