This reverts commit 84ca65aa4bd0d03867e9e49805201d0564d3ffb0.
On signature verification failures fit_image_verify() should NOT exit with
error. Only keys marked 'required' can cause image verification failure.
This logic is already there and works correctly.
Add a comment to make this clear.
Fixes: 84ca65aa (image-fit: Fix signature checking)
Signed-off-by: Simon Glass <s...@chromium.org>
---
Changes in v2: None
common/image-fit.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index d3fad30..fbd9e0d 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1035,10 +1035,15 @@ int fit_image_verify(const void *fit, int image_noffset)
strlen(FIT_SIG_NODENAME))) {
ret = fit_image_check_sig(fit, noffset, data,
size, -1, &err_msg);
- if (ret) {
+
+ /*
+ * Show an indication on failure, but do not return
+ * an error. Only keys marked 'required' can cause
+ * an image validation failure. See the call to
+ * fit_image_verify_required_sigs() above.
+ */
+ if (ret)
puts("- ");
- goto error;
- }
else
puts("+ ");
}
--
2.7.0.rc3.207.g0ac5344
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
