diff options
author | Masahiro Yamada <yamada.masahiro@socionext.com> | 2017-10-27 15:04:20 +0900 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2017-11-06 09:59:00 -0500 |
commit | 6793d017a7679477402f5d30229651dba0db5ed2 (patch) | |
tree | 052f1366fe6ad79259618e243ee4af40e6c0f26b /tools/image-host.c | |
parent | 1d88a99d1b9175c41f015631311fd9e5966eb997 (diff) | |
download | u-boot-6793d017a7679477402f5d30229651dba0db5ed2.tar.gz |
tools: image: allow to sign image nodes without -K option
If -K option is missing when you sign image nodes, it fails with
an unclear error message:
tools/mkimage Can't add hashes to FIT blob: -1
It is hard to figure out the cause of the failure.
In contrast, when you sign configuration nodes, -K is optional because
fit_config_process_sig() returns successfully if keydest is unset.
Probably this is a preferred behavior when you want to update FIT with
the same key; you do not have to update the public key in this case.
So, this commit changes fit_image_process_sig() to continue signing
without keydest. If ->add_verify_data() fails, show a clearer error
message, which has been borrowed from fit_config_process_sig().
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Diffstat (limited to 'tools/image-host.c')
-rw-r--r-- | tools/image-host.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/tools/image-host.c b/tools/image-host.c index ad9a73acf8..d42c1cae4e 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -242,18 +242,19 @@ static int fit_image_process_sig(const char *keydir, void *keydest, /* Get keyname again, as FDT has changed and invalidated our pointer */ info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); - if (keydest) - ret = info.crypto->add_verify_data(&info, keydest); - else - return -1; - /* * Write the public key into the supplied FDT file; this might fail * several times, since we try signing with successively increasing * size values */ - if (keydest && ret) - return ret; + if (keydest) { + ret = info.crypto->add_verify_data(&info, keydest); + if (ret) { + printf("Failed to add verification data for '%s' signature node in '%s' image node\n", + node_name, image_name); + return ret; + } + } return 0; } |