Hi Ludwig, On Mon, 11 May 2026 at 05:25, Ludwig Nussel <[email protected]> wrote: > > On 5/7/26 18:49, Simon Glass wrote: > > [...] > >> diff --git a/cmd/bootm.c b/cmd/bootm.c > >> @@ -335,6 +335,13 @@ static int image_info(ulong addr) > >> + if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && > >> + fit_all_configurations_verify(hdr) != 0) { > >> + puts("Signature verification failed!\n"); > >> + unmap_sysmem(hdr); > >> + return CONFIG_IS_ENABLED(FIT_SIGNATURE_REQUIRED) == > >> 1; > >> + } > > > > A FIT with no /configurations node (an images-only FIT, which is > > valid) makes fit_all_configurations_verify() return -ENOENT and log > > 'Can't find configurations parent node' from inside the helper. That > > ends up here as 'Signature verification failed!' which is misleading. > > Please treat -ENOENT as 'nothing to do' in this caller, and don't > > log_err inside the helper for that case. > > Ok, I can certainly omit the extra error message. What does 'nothing to > do' mean when FIT_SIGNATURE_REQUIRED is enabled though? IMO images-only > FITs are not acceptable in that case. > Maybe renaming the option to FIT_CONF_SIGS_REQUIRED or so would make > that more clear.
Yes that makes sense, perhaps FIT_REQUIRE_CONFIG_SIGS ? Regards, Simon
