Hi, On 10/14/25 1:02 PM, Jonas Rebmann wrote: > Separate keys shall be used for fitimage verification and the upcoming > TLV verification. > > Based on the newly introduced keyring feature, limit fitimage > verification to the keys in the keyring literally named "fit", which is > also the current default keyring name in keytoc for backwards > compatibility. > > Signed-off-by: Jonas Rebmann <[email protected]> > --- > common/image-fit.c | 13 ++++++++----- > crypto/public-keys.c | 13 ++++++++++--- > crypto/rsa.c | 1 + > include/crypto/public_key.h | 9 ++++++++- > include/tlv/tlv.h | 1 + > 5 files changed, 28 insertions(+), 9 deletions(-) > > diff --git a/common/image-fit.c b/common/image-fit.c > index 3017ccb504..0cbe8baf6f 100644 > --- a/common/image-fit.c > +++ b/common/image-fit.c > @@ -261,7 +261,7 @@ static struct digest *fit_alloc_digest(struct device_node > *sig_node, > static int fit_check_signature(struct fit_handle *handle, struct device_node > *sig_node, > enum hash_algo algo, void *hash) > { > - const char *fail_reason = "no built-in keys"; > + const char *fail_reason; > const struct public_key *key; > const char *key_name = NULL; > int sig_len; > @@ -274,10 +274,13 @@ static int fit_check_signature(struct fit_handle > *handle, struct device_node *si > return -EINVAL; > } > > + fail_reason = "no matching keys"; > + > of_property_read_string(sig_node, "key-name-hint", &key_name); > if (key_name) { > - key = public_key_get(key_name); > + key = public_key_get(key_name, "fit"); > if (key) { > + fail_reason = "verification failed"; > ret = public_key_verify(key, sig_value, sig_len, hash, > algo); > if (handle->verbose) > pr_info("Key %*phN (%s) -> signature %s\n", > key->hashlen, 
> @@ -287,13 +290,13 @@ static int fit_check_signature(struct fit_handle > *handle, struct device_node *si > } > } > > - for_each_public_key(key) { > - fail_reason = "verification failed"; > + for_each_public_key_keyring(key, "fit") { > > /* Don't recheck with same key as before */ > - if (streq_ptr(key->key_name_hint, key_name)) > + if (key_name && streq_ptr(key->key_name_hint, key_name))
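Review bot: in the first image-fit.c hunk, `fail_reason` loses its initializer at the declaration and is only assigned after the block that ends in `return -EINVAL;`, so any use of it in the lines elided between the declaration and `fail_reason = "no matching keys";` (for instance an error print on that early-return path) would now read an indeterminate pointer. Either keep an initializer at the declaration (initializing it to "no matching keys" there gives the same behaviour with less risk) or confirm in the full function that nothing reads it before the new assignment.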
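Review bot: in the second image-fit.c hunk, the `fail_reason = "verification failed";` assignment is dropped from the `for_each_public_key_keyring(key, "fit")` loop, so when no key-name-hint match was found and every key in the keyring fails to verify, the reported reason stays "no matching keys" even though keys were actually tried (unless the part of the loop body not shown here sets it). Consider setting `fail_reason = "verification failed";` before the `public_key_verify` call inside the loop, as the hint path now does. Separately, the keyring name "fit" is now a bare string literal at two call sites (`public_key_get(key_name, "fit")` and the loop macro); a single named constant would keep them in sync with the keytoc default the commit message relies on.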
Ouch. This should be fixed up into the commit introducing streq_ptr as that one breaks handling of multiple keys where there are no hints. I sent a fixup.

Cheers,
Ahmad

--
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
