On Thu, Jun 20, 2024 at 04:20:59PM +0200, Alexander Dahl wrote: > U-Boot configured for verified boot with the "required" option set to > "conf" also checks scripts put in FIT images for a valid signature, and > refuses to source and run such a script if the signature for the > configuration is bad or missing. Such a script could not be packaged > before, because mkimage failed like this: > > % tools/mkimage -T script -C none -d tmp/my.scr -f auto-conf -k tmp -g > dev -o sha256,rsa4096 my.uimg > Failed to find any images for configuration 'conf-1/signature' > tools/mkimage Can't add hashes to FIT blob: -1 > Error: Bad parameters for FIT image type > > This is especially unfortunate if LEGACY_IMAGE_FORMAT is disabled as > recommended. > > Listing the script configuration in a "sign-images" subnode instead, > would have added even more complexity to the already complex auto fit > generation code. > > Signed-off-by: Alexander Dahl <a...@thorsis.com>
Applied to u-boot/master, thanks! -- Tom
signature.asc
Description: PGP signature
