[Concept] [PATCH 14/14] image-fit-sig: require signatures

Signature nodes in the device tree are mandatory if u-boot is compiled with signature verification. Allowing signature verification to pass if those nodes are missing would leave the system fail open. Signed-off-by: Ludwig Nussel <ludwig.nussel@siemens.com> --- boot/image-fit-sig.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c index 550c45edbaa..5ea354ae75b 100644 --- a/boot/image-fit-sig.c +++ b/boot/image-fit-sig.c @@ -481,7 +481,6 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset, int noffset; int key_node; int verified = 0; - int reqd_sigs = 0; bool reqd_policy_all = true; const char *reqd_mode; @@ -502,9 +501,8 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset, /* Work out what we need to verify */ key_node = fdt_subnode_offset(key_blob, 0, FIT_SIG_NODENAME); if (key_node < 0) { - debug("%s: No signature node found: %s\n", __func__, - fdt_strerror(key_node)); - return 0; + log_err("No signature node found: %s\n", fdt_strerror(key_node)); + return -EPERM; } /* Get required-mode policy property from DTB */ @@ -531,8 +529,6 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset, if (!required || strcmp(required, "conf")) continue; - reqd_sigs++; - ret = fit_config_verify_key(fit, conf_noffset, key_blob, noffset); if (ret) { @@ -548,8 +544,8 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset, } } - if (reqd_sigs && !verified) { - printf("Failed to verify 'any' of the required signature(s)\n"); + if (!verified) { + log_err("Failed to verify 'any' of the required signature(s)\n"); return -EPERM; } -- 2.34.1