Hi Ludwig, On 2026-05-07T12:06:22, Ludwig Nussel <[email protected]> wrote:
> (optionally) enforce signatures so we can't accidentally boot > unsigned fit images. Since you are adding a new policy knob (FIT_SIGNATURE_REQUIRED) and a new verifier path (fit_all_configurations_verify()), please can you add coverage in test/py/tests/test_vboot.py for both the required-but-no-keys case and the iminfo signature path? Without tests it is easy for a future change to silently regress the fail-closed behaviour. Regards, Simon
