Hi Ludwig,

On Tue, 5 May 2026 at 06:39, Ludwig Nussel <[email protected]> wrote:
>
> On 5/4/26 14:27, Simon Glass wrote:
> > Hi Ludwig,
> >
> > On 2026-04-30T12:25:59, Ludwig Nussel <[email protected]> wrote:
> >
> >> (optionally) enforce signatures so we can't accidentally boot
> >> unsigned fit images.
> >
> > Thanks for tackling this - fail-open signature verification has bitten
> > people before, so making it opt-out is a good direction! A few
> > series-level points:
> >
> > test/py/tests/test_vboot.py exercises FIT signing end-to-end; please
> > extend it to cover FIT_SIGNATURE_REQUIRED in both the success and
> > fail-closed paths (no keys in the control DT, unsigned config).
> > fit_all_configurations_verify() added in patch 4 should also get a
> > test, ideally driven through iminfo so the command path is covered
> > too. I wonder if we should enable the option for just one of sandbox /
> > sandbox_flattree?
> >
> Thanks for the review!
> I haven't touched tests at all so far, might take me a while to get into.

OK, let me know if you need help. You might find this WIP tool helpful for running C and Python tests:

https://github.com/sjg20/uman

Regards,
Simon

