U-Boot Archive on lore.kernel.org
* [PATCH 1/2] image-fit-sig: skip in tools build if key is missing
@ 2025-03-29  3:12 Daniel Golle
  2025-03-29  3:13 ` [PATCH 2/2] tools/fit_check_sign: make key optional Daniel Golle
  0 siblings, 1 reply; 3+ messages in thread
From: Daniel Golle @ 2025-03-29  3:12 UTC (permalink / raw)
  To: Tom Rini, Simon Glass, Chia-Wei Wang, u-boot; +Cc: Thomas Hühn

Skip signature verification in case no public key was given in order to
allow using fit_check_sign also to validate uImage.FIT images without
signatures. Guarded by the USE_HOSTCC macro, the behavior on target is
unchanged.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---
 boot/image-fit-sig.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index a121de60ae2..f23e9d5d0b0 100644
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -191,6 +191,11 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
 	int noffset;
 	int key_node;
 
+#ifdef USE_HOSTCC
+	if (!key_blob)
+		return 0;
+#endif
+
 	/* Work out what we need to verify */
 	*no_sigsp = 1;
 	key_node = fdt_subnode_offset(key_blob, 0, FIT_SIG_NODENAME);
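
Review bot: the early return in fit_image_verify_required_sigs() sits above `*no_sigsp = 1`, so when key_blob is NULL the function reports success while the caller's no_sigsp keeps whatever value it had on entry. Move the guard below that assignment, or set `*no_sigsp = 1` before the `return 0`, so the caller can tell that no signature was checked. A one-line comment above `#ifdef USE_HOSTCC` saying that a NULL key_blob means the host tool was run without a key would also help the next reader.
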
@@ -477,6 +482,11 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset,
 	bool reqd_policy_all = true;
 	const char *reqd_mode;
 
+#ifdef USE_HOSTCC
+	if (!key_blob)
+		return 0;
+#endif
+
 	/*
 	 * We don't support this since libfdt considers names with the
 	 * name root but different @ suffix to be equal
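
Review bot: in fit_config_verify_required_keys() the added `return 0` makes "no key supplied" return the same value as "every required key verified", so the return value alone no longer says whether a signature was checked. Consider printing a notice that required-key verification was skipped, or returning a distinct value the host tool can report, so a run without a key is not read as a passed signature check. The same four-line guard is now duplicated in both functions; a small helper or shared comment would keep the two in step.
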
-- 
2.49.0


* [PATCH 2/2] tools/fit_check_sign: make key optional
  2025-03-29  3:12 [PATCH 1/2] image-fit-sig: skip in tools build if key is missing Daniel Golle
@ 2025-03-29  3:13 ` Daniel Golle
  2025-03-29  5:08   ` Daniel Golle
  0 siblings, 1 reply; 3+ messages in thread
From: Daniel Golle @ 2025-03-29  3:13 UTC (permalink / raw)
  To: Tom Rini, Simon Glass, Chia-Wei Wang, Daniel Golle, u-boot
  Cc: Thomas Hühn

Allow invoking fit_check_sig without the key parameter, allowing
validation of only checksums and hashes for unsigned images.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---
 tools/fit_check_sign.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 3d1d33fdab1..bac299a70e5 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -45,7 +45,7 @@ int main(int argc, char **argv)
 	char *config_name = NULL;
 	char cmdname[256];
 	int ret;
-	void *key_blob;
+	void *key_blob = NULL;
 	int c;
 
 	strncpy(cmdname, *argv, sizeof(cmdname) - 1);
@@ -70,18 +70,15 @@ int main(int argc, char **argv)
 		fprintf(stderr, "%s: Missing fdt file\n", *argv);
 		usage(*argv);
 	}
-	if (!keyfile) {
-		fprintf(stderr, "%s: Missing key file\n", *argv);
-		usage(*argv);
-	}
 
 	ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, true);
 	if (ffd < 0)
 		return EXIT_FAILURE;
-	kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
-	if (kfd < 0)
-		return EXIT_FAILURE;
-
+	if (keyfile) {
+		kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
+		if (kfd < 0)
+			return EXIT_FAILURE;
+	}
 	image_set_host_blob(key_blob);
 	ret = fit_check_sign(fit_blob, key_blob, config_name);
 	if (!ret) {
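
Review bot: with the `if (!keyfile)` check removed and the mapping moved under `if (keyfile) {`, kfd and ksbuf are never assigned when no key is given, so any later cleanup that uses them has to be guarded by the same condition, or they should be initialised the way `key_blob = NULL` now is. The success branch at `if (!ret) {` is also reached for runs without a key, so its message should state that no signature was verified. The usage() text should mark the key argument as optional, and the blank line that used to separate the mmap block from image_set_host_blob() is worth keeping.
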
-- 
2.49.0


* Re: [PATCH 2/2] tools/fit_check_sign: make key optional
  2025-03-29  3:13 ` [PATCH 2/2] tools/fit_check_sign: make key optional Daniel Golle
@ 2025-03-29  5:08   ` Daniel Golle
  0 siblings, 0 replies; 3+ messages in thread
From: Daniel Golle @ 2025-03-29  5:08 UTC (permalink / raw)
  To: Tom Rini, Simon Glass, Chia-Wei Wang, u-boot; +Cc: Thomas Hühn

On Sat, Mar 29, 2025 at 03:13:01AM +0000, Daniel Golle wrote:
> Allow invoking fit_check_sig without the key parameter, allowing
> validation of only checksums and hashes for unsigned images.

Sadly I've missed making the munmap() of the key_blob conditional as
well, and while glibc seems to be graceful about munmap(NULL), other libcs
like musl are not.

I will fix that in v2.
