Hi Simon, On Fri, Sep 13, 2019 at 5:36 PM Simon Glass <s...@chromium.org> wrote: > > Hi Daniele, > > > > > If I understand it correctly, at Line 440 we check if verification > > with the required key succeeded and if so we return otherwise we > > continue, trying other keys. > > Yes that's my understanding too. > > > > > Is that the intended behavior? Shouldn't the code return in any case > > (thus making the FIT verification process fail if the image couldn't > > be verified with the required key)? Or am I missing something? > > Yes I think you are right. The documentation says: > > - required: If present this indicates that the key must be verified for the > image / configuration to be considered valid. Only required keys are > normally verified by the FIT image booting algorithm. Valid values are > "image" to force verification of all images, and "conf" to force verification > of the selected configuration (which then relies on hashes in the images to > verify those).
Thanks for confirming it. I'll prepare a small patch to fix it... that would be my first U-boot patch :D > > The test coverage does not handle that case at present, but it should. > I'm afraid I won't have time to fix that in my patch. I had a quick look at 'test_fit.py' and it looks like there is quite some code to write to add this test case. Regards, Daniele _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
