On Thu Jun 12, 2025 at 7:54 PM JST, Danilo Krummrich wrote:
> On 6/12/25 9:19 AM, Alexandre Courbot wrote:
>> On Wed Jun 4, 2025 at 7:28 PM JST, Danilo Krummrich wrote:
>>> If we can't patch them when the object is created, i.e. in
>>> FirmwareDmaObject::new(), I think we should take self by value in
>>> FirmwareDmaObject::patch_signature() and return a SignedFirmwareDmaObject
>>> (which can just be a transparent wrapper) instead in order to let the
>>> type system prove that we did not forget to call patch_signature().
>>
>> This one is a bit tricky. Signature patching is actually optional,
>> depending on whether there are signatures present at all (it might not
>> be the case on development setups). So involving the type system here
>> would require storing the result in an enum, and then match that enum
>> later in order to do the same thing in both cases - load the binary
>> as-is.
>>
>> So I guess I would rather leave this one as it currently is, unless
>> there is a better way I haven't thought about?
>
> In the end the idea is to ensure that we can't forget to call
> patch_signature(), so even if it's optional we could do what I mentioned
> above, just that patch_signature() might be a noop?

Sure, I can add a method to transition to the signed state without doing anything. At least it will make sure the caller knows what they are doing.
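
The arrangement discussed in this thread (patch_signature() taking self by value and returning a SignedFirmwareDmaObject, plus a no-op transition for unsigned images), as an added example that is not part of the original e-mails or of the driver's code. It assumes a Vec<u8> in place of the DMA buffer; OutOfBounds, no_signature(), as_bytes(), load() and the signature offset are hypothetical names and values.

```rust
// Added example: userspace Rust, not the driver's code. A Vec<u8> stands in
// for the DMA buffer; OutOfBounds, no_signature() and load() are hypothetical.

/// Firmware image whose signature question has not been settled yet.
pub struct FirmwareDmaObject { data: Vec<u8> }

/// Transparent wrapper, constructible only through the two transitions below.
#[repr(transparent)]
pub struct SignedFirmwareDmaObject(FirmwareDmaObject);

#[derive(Debug, PartialEq)]
pub struct OutOfBounds;

impl FirmwareDmaObject {
    pub fn new(data: Vec<u8>) -> Self { Self { data } }

    /// Takes `self` by value: the unsigned object is gone after this call.
    pub fn patch_signature(
        mut self,
        offset: usize,
        sig: &[u8],
    ) -> Result<SignedFirmwareDmaObject, OutOfBounds> {
        // Reject offsets that overflow or fall outside the image.
        let end = offset.checked_add(sig.len()).ok_or(OutOfBounds)?;
        let dst = self.data.get_mut(offset..end).ok_or(OutOfBounds)?;
        dst.copy_from_slice(sig);
        Ok(SignedFirmwareDmaObject(self))
    }

    /// Explicit no-op transition for images that carry no signatures.
    pub fn no_signature(self) -> SignedFirmwareDmaObject {
        SignedFirmwareDmaObject(self)
    }
}

impl SignedFirmwareDmaObject {
    pub fn as_bytes(&self) -> &[u8] { &self.0.data }
}

/// Stand-in for the load step; a plain FirmwareDmaObject is a compile error here.
pub fn load(fw: &SignedFirmwareDmaObject) -> usize { fw.as_bytes().len() }

fn main() {
    let fw = FirmwareDmaObject::new(vec![0u8; 8]); // constructed sample image
    let signed = fw.patch_signature(4, &[0xAA, 0xBB]).expect("in bounds");
    let dev = FirmwareDmaObject::new(vec![0u8; 8]).no_signature();
    println!("{} {}", load(&signed), load(&dev));
}
```

Because both transitions consume the unsigned object, a caller that skips the signature decision has nothing of the right type to hand to load().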