Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2228961/?format=api
{ "id": 2228961, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2228961/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260427150409.400914-2-ludwig.nussel@siemens.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/1.1/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260427150409.400914-2-ludwig.nussel@siemens.com>", "date": "2026-04-27T15:03:39", "name": "[2/4] iminfo: also verify signatures", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": false, "hash": "3cdc26838e31fcbf1d9bb84145a03890b03f4efd", "submitter": { "id": 90265, "url": "http://patchwork.ozlabs.org/api/1.1/people/90265/?format=api", "name": "Ludwig Nussel", "email": "ludwig.nussel@siemens.com" }, "delegate": { "id": 3651, "url": "http://patchwork.ozlabs.org/api/1.1/users/3651/?format=api", "username": "trini", "first_name": "Tom", "last_name": "Rini", "email": "trini@ti.com" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260427150409.400914-2-ludwig.nussel@siemens.com/mbox/", "series": [ { "id": 501669, "url": "http://patchwork.ozlabs.org/api/1.1/series/501669/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=501669", "date": "2026-04-27T15:03:38", "name": "[1/4] qemu: overlay signature nodes", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501669/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2228961/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2228961/checks/", "tags": {}, "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=siemens.com header.i=ludwig.nussel@siemens.com\n header.a=rsa-sha256 header.s=fm2 header.b=eWx+ilLO;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=siemens.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n secure) header.d=siemens.com header.i=ludwig.nussel@siemens.com\n header.b=\"eWx+ilLO\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=siemens.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=ludwig.nussel@siemens.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g46Lb3TMVz1xvV\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 28 Apr 2026 01:05:11 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id DC5E384106;\n\tMon, 27 Apr 2026 17:04:56 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id D277E83693; Mon, 27 Apr 2026 17:04:54 +0200 (CEST)", "from mta-64-225.siemens.flowmailer.net\n (mta-64-225.siemens.flowmailer.net [185.136.64.225])\n (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id EACEA83BC4\n for <u-boot@lists.denx.de>; Mon, 27 Apr 2026 17:04:52 +0200 (CEST)", "by mta-64-225.siemens.flowmailer.net with ESMTPSA id\n 202604271504529eac80577b00020742 for <u-boot@lists.denx.de>;\n Mon, 27 Apr 2026 17:04:52 +0200" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,\n RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,\n SPF_HELO_PASS,SPF_NONE autolearn=ham autolearn_force=no version=3.4.2", "DKIM-Signature": "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2;\n d=siemens.com; i=ludwig.nussel@siemens.com;\n h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;\n bh=PI0QmtJYVsFSstnRi3T5SNM14DYZPOzFo/Dn9f2D84A=;\n b=eWx+ilLO/clZIjEaQdBrga5EgO0hHT0yLHts1SdvWJdCVNNhcAGqmxjn/duNvPeF+3I2ij\n pQNq5cEANyOfVHrjvrkT0vl+GGiFk+H+o+VSIFgW7HCObtVOL0YKplxDJPEqac8geMgTIHHX\n 9v1HwRFJAXoHc2zQLpJzbHN1IdxH31UPczFJWIxveErUG1xXt34zMPZ6wqu1Snx6/EDpgNeF\n wcqfYebXLXEr2qn5O0laFi4cM3DxJ7fLS3dgn1lnrdao/fdkGKSjobWX5lpx40HPJfC9loqC\n Zg7r/mGvdkzls1AyVAQX5sc9wSVVGZlI+gznpiE0jjXClLQo1ix6im/w==;", "From": "Ludwig Nussel <ludwig.nussel@siemens.com>", "To": "u-boot@lists.denx.de", "Cc": "Ludwig Nussel <ludwig.nussel@siemens.com>,\n Frank Wunderlich <frank-w@public-files.de>,\n James Hilliard <james.hilliard1@gmail.com>,\n Jonas Karlman <jonas@kwiboo.se>, Julien Stephan <jstephan@baylibre.com>,\n Marek Vasut <marek.vasut+renesas@mailbox.org>,\n Mayuresh Chitale <mchitale@ventanamicro.com>,\n Neil Armstrong <neil.armstrong@linaro.org>,\n Osama Abdelkader <osama.abdelkader@gmail.com>,\n Patrice Chotard <patrice.chotard@foss.st.com>, Peng Fan <peng.fan@nxp.com>,\n Quentin Schulz <quentin.schulz@cherry.de>,\n Shiji Yang <yangshiji66@outlook.com>, Tom Rini <trini@konsulko.com>,\n Wolfgang Wallner <wolfgang.wallner@at.abb.com>, Yao Zi <me@ziyao.cc>", "Subject": "[PATCH 2/4] iminfo: also verify signatures", "Date": "Mon, 27 Apr 2026 17:03:39 +0200", "Message-ID": "<20260427150409.400914-2-ludwig.nussel@siemens.com>", "In-Reply-To": "<20260427150409.400914-1-ludwig.nussel@siemens.com>", "References": "<20260427150409.400914-1-ludwig.nussel@siemens.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-Flowmailer-Platform": "Siemens", "Feedback-ID": "519:519-1328817:519-21489:flowmailer", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "The iminfo command already verifies hashes of images. This change also\nverifies signatures of configurations if enabled.\n\nSigned-off-by: Ludwig Nussel <ludwig.nussel@siemens.com>\n---\n\n boot/image-fit.c | 36 ++++++++++++++++++++++++++++++++++++\n cmd/bootm.c | 7 +++++++\n include/image.h | 1 +\n 3 files changed, 44 insertions(+)", "diff": "diff --git a/boot/image-fit.c b/boot/image-fit.c\nindex 2d2709aa5b1..b2c6db79edb 100644\n--- a/boot/image-fit.c\n+++ b/boot/image-fit.c\n@@ -1512,6 +1512,42 @@ int fit_all_image_verify(const void *fit)\n \treturn 1;\n }\n \n+int fit_all_configurations_verify(const void *fit)\n+{\n+\tint confs_noffset;\n+\tint noffset;\n+\tint r = -ENOENT;\n+\n+\t/* Find images parent node offset */\n+\tconfs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);\n+\tif (confs_noffset < 0) {\n+\t\tprintf(\"Can't find configurations parent node '%s' (%s)\\n\",\n+\t\t FIT_IMAGES_PATH, fdt_strerror(confs_noffset));\n+\t\treturn confs_noffset;\n+\t}\n+\n+\t/* Process all config subnodes, check hashes for each */\n+\tprintf(\"## Checking signatures for FIT Image at %08lx ...\\n\",\n+\t (ulong)fit);\n+\n+\tfdt_for_each_subnode(noffset, fit, confs_noffset) {\n+\t\tint ret;\n+\n+\t\tprintf(\"%s ... \", fit_get_name(fit, noffset, NULL));\n+\t\tret = fit_config_verify(fit, noffset);\n+\t\tif (ret) {\n+\t\t\tr = ret;\n+\t\t\tcontinue;\n+\t\t}\n+\t\t/* at least one correct config */\n+\t\tif (r == -ENOENT)\n+\t\t\tr = 0;\n+\t\tputs(\"OK\\n\");\n+\t}\n+\n+\treturn r;\n+}\n+\n static int fit_image_uncipher(const void *fit, int image_noffset,\n \t\t\t void **data, size_t *size)\n {\ndiff --git a/cmd/bootm.c b/cmd/bootm.c\nindex ca7cec91fad..2faa9648c46 100644\n--- a/cmd/bootm.c\n+++ b/cmd/bootm.c\n@@ -335,6 +335,13 @@ static int image_info(ulong addr)\n \t\t\treturn 1;\n \t\t}\n \n+\t\tif (CONFIG_IS_ENABLED(FIT_SIGNATURE) &&\n+\t\t fit_all_configurations_verify(hdr) != 0) {\n+\t\t\tputs(\"Signature verification failed!\\n\");\n+\t\t\tunmap_sysmem(hdr);\n+\t\t\treturn 1;\n+\t\t}\n+\n \t\tunmap_sysmem(hdr);\n \t\treturn 0;\n #endif\ndiff --git a/include/image.h b/include/image.h\nindex 34efac6056d..7948090f6e0 100644\n--- a/include/image.h\n+++ b/include/image.h\n@@ -1355,6 +1355,7 @@ static inline int fit_config_verify(const void *fit, int conf_noffset)\n }\n #endif\n int fit_all_image_verify(const void *fit);\n+int fit_all_configurations_verify(const void *fit);\n int fit_config_decrypt(const void *fit, int conf_noffset);\n int fit_image_check_os(const void *fit, int noffset, uint8_t os);\n int fit_image_check_arch(const void *fit, int noffset, uint8_t arch);\n", "prefixes": [ "2/4" ] }