tools: image: allow to sign image nodes without -K option
If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
parent
1d88a99d1b
commit
6793d017a7
@ -242,18 +242,19 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
|
||||
/* Get keyname again, as FDT has changed and invalidated our pointer */
|
||||
info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
|
||||
|
||||
if (keydest)
|
||||
ret = info.crypto->add_verify_data(&info, keydest);
|
||||
else
|
||||
return -1;
|
||||
|
||||
/*
|
||||
* Write the public key into the supplied FDT file; this might fail
|
||||
* several times, since we try signing with successively increasing
|
||||
* size values
|
||||
*/
|
||||
if (keydest && ret)
|
||||
return ret;
|
||||
if (keydest) {
|
||||
ret = info.crypto->add_verify_data(&info, keydest);
|
||||
if (ret) {
|
||||
printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
|
||||
node_name, image_name);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
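Review bot: The new `printf("Failed to add verification data ...")` fires on every non-zero return from `add_verify_data()`, yet the comment directly above says this call "might fail several times" while signing is retried with increasing sizes, so an expected retry would be reported as a failure. If an out-of-space return is what drives that retry (the caller is not visible here), return it quietly first, e.g. `if (ret == -ENOSPC) return ret;`, assuming that is the code the callback uses, and send the remaining errors to stderr with `fprintf(stderr, ...)`. The path with no keydest now returns 0 without writing a public key, which deserves a comment above `if (keydest)` such as `/* No keydest: the image is still signed, but the verifying key must already be in the control FDT */`. fit_image_process_sig() begins outside this hunk.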