On 5/7/26 18:49, Simon Glass wrote:
[...]diff --git a/cmd/bootm.c b/cmd/bootm.c @@ -335,6 +335,13 @@ static int image_info(ulong addr) + if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && + fit_all_configurations_verify(hdr) != 0) { + puts("Signature verification failed!\n"); + unmap_sysmem(hdr); + return CONFIG_IS_ENABLED(FIT_SIGNATURE_REQUIRED) == 1; + }A FIT with no /configurations node (an images-only FIT, which is valid) makes fit_all_configurations_verify() return -ENOENT and log 'Can't find configurations parent node' from inside the helper. That ends up here as 'Signature verification failed!' which is misleading. Please treat -ENOENT as 'nothing to do' in this caller, and don't log_err inside the helper for that case.
Ok, I can certainly omit the extra error message. What does 'nothing to do' mean when FIT_SIGNATURE_REQUIRED is enabled though? IMO images-only FITs are not acceptable in that case. Maybe renaming the option to FIT_CONF_SIGS_REQUIRED or so would make that more clear.
-- Ludwig Nussel Siemens AG www.siemens.com
