
The iminfo command already verifies hashes of images. This change also verifies signatures of configurations if enabled.
Signed-off-by: Ludwig Nussel <ludwig.nussel@siemens.com>
---
boot/image-fit.c | 31 +++++++++++++++++++++++++++++++
cmd/bootm.c | 7 +++++++
include/image.h | 1 +
3 files changed, 39 insertions(+)
diff --git a/boot/image-fit.c b/boot/image-fit.c
index 41ab1f552b0..1e5c35aaec4 100644
--- a/boot/image-fit.c
+++ b/boot/image-fit.c
@@ -1496,6 +1496,37 @@ int fit_all_image_verify(const void *fit)
 return 1;
 }
 
+int fit_all_configurations_verify(const void *fit)
+{
+ int confs_noffset;
+ int noffset;
+ int r = 1;
+
+ /* Find images parent node offset */
+ confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
+ if (confs_noffset < 0) {
+ printf("Can't find configurations parent node '%s' (%s)\n",
+ FIT_IMAGES_PATH, fdt_strerror(confs_noffset));
+ return 0;
+ }
+
+ /* Process all image subnodes, check hashes for each */
+ printf("## Checking signatures for FIT Image at %08lx ...\n",
+ (ulong)fit);
+
+ fdt_for_each_subnode(noffset, fit, confs_noffset) {
+ printf("%s ... ", fit_get_name(fit, noffset, NULL));
+ if (fit_config_verify(fit, noffset)) {
+ r = 0;
+ puts("BAD");
+ continue;
+ }
+ puts("OK");
+ }
+
+ return r;
+}
+
 static int fit_image_uncipher(const void *fit, int image_noffset,
 void **data, size_t *size)
 {
diff --git a/cmd/bootm.c b/cmd/bootm.c
index bee683d0580..a2d811a1cbc 100644
--- a/cmd/bootm.c
+++ b/cmd/bootm.c
@@ -338,6 +338,13 @@ static int image_info(ulong addr)
 return 1;
 }
 
+ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) &&
+ !fit_all_configurations_verify(hdr)) {
+ puts("Signature verification failed!\n");
+ unmap_sysmem(hdr);
+ return 1;
+ }
+
 unmap_sysmem(hdr);
 return 0;
 #endif
diff --git a/include/image.h b/include/image.h
index b695cc39447..aa3d6ab7340 100644
--- a/include/image.h
+++ b/include/image.h
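Review bot: The error path in `fit_all_configurations_verify()` prints `FIT_IMAGES_PATH` although the lookup that failed was for `FIT_CONFS_PATH`, so the diagnostic names the wrong node; the argument line should read `FIT_CONFS_PATH, fdt_strerror(confs_noffset));`. Both comments were carried over from the image variant and should say `/* Find configurations parent node offset */` and `/* Process all configuration subnodes, check signatures for each */`. `puts("BAD")` and `puts("OK")` have no newline, while the `puts()` added in cmd/bootm.c passes an explicit `\n`, which suggests the per-configuration results will run together on one line; `puts("OK\n")` and `puts("BAD\n")` would match. The result also stays 1 when the loop body never runs, and "OK" is printed for any zero return from `fit_config_verify()`, so it is worth confirming that an empty /configurations node or an unsigned configuration cannot be reported as verified; that depends on code outside this hunk.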
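Review bot: The added branch in `image_info()` prints "Signature verification failed!" for every zero return of `fit_all_configurations_verify()`, and per the boot/image-fit.c hunk that includes a FIT with no /configurations node at all, so an image that is merely unsigned or images-only is reported as a signature failure. Since the callee already prints the specific reason, a neutral message such as `puts("Configuration verification failed!\n");` or a distinct return value for the missing-node case would keep the report accurate. A one-line comment above the `if`, e.g. `/* Image hashes were checked above; now check configuration signatures */`, would document the ordering. `image_info()` starts and ends outside this hunk, so the preceding hash check is inferred from the commit message.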
@@ -1351,6 +1351,7 @@ static inline int fit_config_verify(const void *fit, int conf_noffset)
 }
 #endif
 int fit_all_image_verify(const void *fit);
+int fit_all_configurations_verify(const void *fit);
 int fit_config_decrypt(const void *fit, int conf_noffset);
 int fit_image_check_os(const void *fit, int noffset, uint8_t os);
 int fit_image_check_arch(const void *fit, int noffset, uint8_t arch);
-- 
2.34.1
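Review bot: The new prototype `fit_all_configurations_verify()` is declared without a comment, and its return convention (1 when every configuration passed, 0 otherwise, per the boot/image-fit.c hunk) is the inverse of `fit_config_verify()`, which that hunk treats as failing on a non-zero return. A short kernel-doc block above the declaration stating the 1/0 meaning, and that 0 is also returned when the configurations node is missing, would keep callers from mixing up the two conventions in a security check.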