[{"id":3682799,"web_url":"http://patchwork.ozlabs.org/comment/3682799/","msgid":"","list_archive_url":null,"date":"2026-04-27T16:02:58","subject":"Re: [PATCH 4/4] image-fit-sig: require signatures","submitter":{"id":88462,"url":"http://patchwork.ozlabs.org/api/people/88462/","name":"Quentin Schulz","email":"quentin.schulz@cherry.de"},"content":"Hi Ludwig,\n\nOn 4/27/26 5:03 PM, Ludwig Nussel wrote:\n> Signature nodes in the device tree are mandatory if u-boot is compiled\n> with signature verification. Allowing signature verification to pass\n\nFirst, it's not enforced at build time and cannot, as it depends on the \nbinman FDT node to be properly configured. But we cannot do that, \nbecause we don't know the user setup.\n\nYou can (mis)configure U-Boot to do signature verification but forget to \nadd the signature to the SPL/proper DTB. Then it'll do nothing of \ncourse. To be fair, I got bit by that very mistake recently so maybe \nthere's something to improve there indeed.\n\n> if those nodes are missing would leave the system fail open.\n> \n\nYeah but why would they be missing in the first place? It's not like \nthis is something you can modify if part of a secure boot. The DTB of \nstage 1 is used to verify FIT from stage 2. You need to trust DTB of \nstage 1 (by verifying it with stage 0, etc.) otherwise I can also simply \njust change the public key in there.\n\nAlso, this isn't actually handling fit image signature, only conf. Yes, \nimage signature is mostly security theater but at least we would have \nconsistent behavior here.\n\nWe very much need additional tests as well.\n\nCheers,\nQuentin","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=cherry.de header.i=@cherry.de header.a=rsa-sha256\n header.s=selector1 header.b=iDWyTsNl;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=cherry.de","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=cherry.de header.i=@cherry.de header.b=\"iDWyTsNl\";\n\tdkim-atps=neutral","phobos.denx.de; dmarc=pass (p=quarantine dis=none)\n header.from=cherry.de","phobos.denx.de;\n spf=pass smtp.mailfrom=quentin.schulz@cherry.de","dkim=none (message not signed)\n header.d=none;dmarc=none action=none header.from=cherry.de;"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g47dS3KYYz1yHX\n\tfor ; Tue, 28 Apr 2026 02:03:08 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id E03B883BC4;\n\tMon, 27 Apr 2026 18:03:05 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id BD0578416F; Mon, 27 Apr 2026 18:03:04 +0200 (CEST)","from AS8PR04CU009.outbound.protection.outlook.com\n (mail-westeuropeazlp170110003.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c201::3])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 5E29E83AA9\n for ; Mon, 27 Apr 2026 18:03:02 +0200 (CEST)","from PA4PR04MB7743.eurprd04.prod.outlook.com (2603:10a6:102:b8::20)\n by AS8PR04MB8897.eurprd04.prod.outlook.com (2603:10a6:20b:42c::20)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.26; Mon, 27 Apr\n 2026 16:03:00 +0000","from PA4PR04MB7743.eurprd04.prod.outlook.com\n ([fe80::9a4e:252f:2fd:97b7]) by PA4PR04MB7743.eurprd04.prod.outlook.com\n ([fe80::9a4e:252f:2fd:97b7%6]) with mapi id 15.20.9846.016; Mon, 27 Apr 2026\n 16:03:00 +0000"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=BouHnIisEjaQzpXGLzmsGn3tvh7MY+35OS1bH4FV+WzfNZ/SG3n9+bvvOUXRND+cVr342Ku1JL+yxypK910Zfab40/h3GSKOhv4AJ3NG5ipPHDAzLPpYto3IxTp1ut2XVJuMfD7jm7+IfWfoXcJimJxjJwcr0MA1eGA+bDudHlZh73wlhYlGoPwXHNk3lF4buBw59XYDWs0BM1sXuE37UF4QEqxRjIMVumpC5LRLHmAAMFp1xsXZZXx7RQTXtSJRpofxqtnIaIz4mkxd50YmlSRITKOr44Ag8a5UJJCq/arfGtRpu74MeEn8LsteXfZkBdIuzkzY5cEZK+MEWGyT7w==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=4jJXRDCVPVPzrW6UYru4uae2OQof+DBiUK743LuFxQE=;\n b=BMMzU28kX36P86tTbJJjdsmCkRSu1cvrjPJDJpUkSI3A1x5rKDbSQjLo7RguljBxepxyHcJuWx9eAWbTU/pOiulOvAVZHmNdyMYXZ+3d5OfRTdTgbSaBt0eN6QOL2IaxwRwiybot0PotK8CqWC2XKhI+fYOX9LCdUxnAyUOH0RFtbn5dL+WNCZ+Ku5C3damCr5qLPhzBwLD2T4HWe5rrb6Ha7aU1gLWfxl223bAYI8vdvVqF8aPbQgYkIgjqKhVXm3fRqemOems38EH9dtaqfWir/+3jVKVD1UTvGEleqJdVN1a3EcP+UhEJOIA5/gJ1PMt5uM/WouWVEnmdGv40hg==","ARC-Authentication-Results":"i=1; mx.microsoft.com 1; spf=pass\n smtp.mailfrom=cherry.de; dmarc=pass action=none header.from=cherry.de;\n dkim=pass header.d=cherry.de; arc=none","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=cherry.de;\n s=selector1;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=4jJXRDCVPVPzrW6UYru4uae2OQof+DBiUK743LuFxQE=;\n b=iDWyTsNlCSa7X1PIj8laAYKd0lpVGJDbm9UI0glPJVtmGYb6pzeAYv7WBpmtNWGHBMAW3iHLYsjhoLxkmCgizV1NV3+0nl23uhcraFSwBJoui8zjaXU7S9JSkzAAq0ChOplEOOOAzhx3oVuINAd7z3Gj7rdIHULFXWMFBcEzFgY=","Message-ID":"","Date":"Mon, 27 Apr 2026 18:02:58 +0200","User-Agent":"Mozilla Thunderbird","Subject":"Re: [PATCH 4/4] image-fit-sig: require signatures","To":"Ludwig Nussel , u-boot@lists.denx.de","Cc":"Simon Glass , Tom Rini ","References":"<20260427150409.400914-1-ludwig.nussel@siemens.com>\n <20260427150409.400914-4-ludwig.nussel@siemens.com>","Content-Language":"en-US","From":"Quentin Schulz ","In-Reply-To":"<20260427150409.400914-4-ludwig.nussel@siemens.com>","Content-Type":"text/plain; charset=UTF-8; format=flowed","Content-Transfer-Encoding":"7bit","X-ClientProxiedBy":"VI1PR0102CA0084.eurprd01.prod.exchangelabs.com\n (2603:10a6:803:15::25) To PA4PR04MB7743.eurprd04.prod.outlook.com\n (2603:10a6:102:b8::20)","MIME-Version":"1.0","X-MS-PublicTrafficType":"Email","X-MS-TrafficTypeDiagnostic":"PA4PR04MB7743:EE_|AS8PR04MB8897:EE_","X-MS-Office365-Filtering-Correlation-Id":"b5f06a95-a927-41a0-3496-08dea4767401","X-MS-Exchange-SenderADCheck":"1","X-MS-Exchange-AntiSpam-Relay":"0","X-Microsoft-Antispam":"BCL:0;\n ARA:13230040|366016|1800799024|10070799003|376014|56012099003|18002099003|22082099003;","X-Microsoft-Antispam-Message-Info":"\n 4I5VX32ItIgAAlDL4PF8FylI52gW8IHEgw/bwaiIqjg9ctXXw4wilXPxEEZlLTXQ/CMr5mZF5o9GLEICs5kfMXGBpTnFUsfAlraS/c5YeHRK/ddyVDiXapgBQ5G9j8tMY4IKJzWRLxo2c0HS9ve44iS7YgpOO3duIwMc1l4TZQFtOY0ewrH92Uk7pX5PwG9Xup5mOpmTd/KEQKLi+aKCpM+Q6PrquurcR2tSfAuj1nsi7iJh6iEthopOqOFvgtHlNuux834WmZQYkzYZN3Ol/KA75314LdfR5+A+tZulMGWG5vGf2JFmImg2fLfNDUX+xFao6BK+BTTE7KzszObxs9flxGEC0P1TB5YnMnvHZZRUDmIO8ZcOp9ZaA7ZmBmmDsk8B7YEY5S8Ep5BKg7QWI4/m95XSFl1dOfcZqyaYc98Zz4LicHQ4k3MZuug/4xLbOxHJ1DyNHT40w9yXGIiy20vrMPIa8/Sdopu4YD++oxvQxayZDUlSxIvKxHTIy6I04P1DT7gxQNGVRk3QuFOUGqYbVIxRpYiWzq2tAJ1Yh7FQzgK2ej6aHrQ5Iz9XY6b6d6Unfpm4T1gkDKG0BP+6jyR+LZh812578DVP0rTVDN9M4NBJ8cXHW6R1OGfvxSYynWCxRFQlrN1yGXyUo9/sascLp4qSKL5dFCvBPE/l6k4/X/JQ8t5tU5ifgBift4vtGyhVNH8OM480y9lK89N/7r/OpF5M/oyKt3/ekWmr/pA=","X-Forefront-Antispam-Report":"CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:PA4PR04MB7743.eurprd04.prod.outlook.com; PTR:; CAT:NONE;\n SFS:(13230040)(366016)(1800799024)(10070799003)(376014)(56012099003)(18002099003)(22082099003);\n DIR:OUT; SFP:1101;","X-MS-Exchange-AntiSpam-MessageData-ChunkCount":"1","X-MS-Exchange-AntiSpam-MessageData-0":"=?utf-8?q?Au/M76Ezg1eeUAdgxTqkFYalaBJp?=\n\t=?utf-8?q?/CTw+aaKskHTR4SpZPxXUGylsO4tAORu6MOstrfQk8CGMnEIzFEJKVvMfGytEqVdD?=\n\t=?utf-8?q?/cAc5jqElPsZCypiVT+u9yAT7AdsqYHFPYz9NrmwnfNUex2s2qwie7gfvZlC7n/qI?=\n\t=?utf-8?q?77n5QxhpSpgt2ggeW3ThHcy2cP53SfnU8xspkMT7hRxryVLjC+wK46+M+wfYNcGrT?=\n\t=?utf-8?q?iQ4mHXlYrrgqviX7ID0zWHrXWJIYQUxLenvrX/tbs1BeiB7TwnyKD7ZmZre7+hfHE?=\n\t=?utf-8?q?JBGtgmxgPQi7VUPxTJSvYVzop9lhO+yJEVF6eea/06aFiRKn/Ww0j3x1GiDGdK3CX?=\n\t=?utf-8?q?RmoxzzLbNydb4YvVoLoTTQEaF0SWPb8HtU/qIDjj6NtwzBgArRQo4dlUV1PZ5KfvP?=\n\t=?utf-8?q?Wz28HJEdRTlVCfNKGDpGIteut3Qo+hrjs4aUrYLnooA48gcIz53pLMhRm22zAjlIx?=\n\t=?utf-8?q?e+e5Zxmfo25ASj/ts1FItES05qqSkp1Fug/cxhbDpIVsDDRpnaxldneP4PKrVSOd5?=\n\t=?utf-8?q?DIj+TlkKEXhO1hoeChzlFPNN1lC3R7oV+r3BqEDDPCzIWZG+a4NuDkkuKqGqZn3zP?=\n\t=?utf-8?q?xS3+pQKxO/DPzZxChUdvq+bWrdiGtNh661N5qv8EnaIs8VzUTbh1RgN1oC4mZ+zym?=\n\t=?utf-8?q?KR4V4v2P5UNdNtEwZaDuIPvoGjz34HF6MCVsmFYCqNDMJJBPlwSkMR6bWwOM4AQ/G?=\n\t=?utf-8?q?Geqhk3DhPwAYeQ7BgylrRvIfJ3qpEz6A3mlMbLhsgUr6lJLR87r/MMW+Kd/D4kvbG?=\n\t=?utf-8?q?KF5CDF/hlrGSGXn1jzu3MYOITfbshVEdGmcndkfO7i3lG+fhSK7VuR13rVcOhppbM?=\n\t=?utf-8?q?8y5IM0PDp7qprNmpSV0XNkr1rgvRlpMw0eJI1PwulMW23BYWCnusde9XRjfcRClOL?=\n\t=?utf-8?q?NbTG3RdKNJ4Z9a+J9GQbH+WWTOdjqLFluVM05c+pREx3o7ej9h+eGggozXeBsG/Dm?=\n\t=?utf-8?q?Ww16exyeYE5vK498S+Ub9Iuq7ArXAU8746Zvbx6/7ALHiDhePlrh5XUU8/S1yShbf?=\n\t=?utf-8?q?6i2CiZeGJkfOR743tVWQAlOHry6LSv0o3AGjIvneE2dlcTiRlRVn26mHZ6Xrsp7Fs?=\n\t=?utf-8?q?ZtJIKl0U73x03exlJWiJWhshWCFGv6HsaZPUU13y8xOUPGQEp26/feJgjJEtEX55K?=\n\t=?utf-8?q?Srrn0aCbq1l81BG+0Dufors2Hkh2xzDLMjNAWUVn1yFsue0LMQptujm1vxAyZrpwn?=\n\t=?utf-8?q?OA0BdZwhXwajpuQBzW6k8j7rZf2/2+0hBI09dGauQz1WKY6TfJ/F7QXo7mwHGwR9b?=\n\t=?utf-8?q?qp9zqslpvD5UnzEtOejP376ZUqtINvxWbUpiIWRn6QM71uvXcOLDghv00fGfhvFWp?=\n\t=?utf-8?q?hSAndSHddx913fVZubLfBjhZ8d0ccVK6dKJDBJGfJZLbk5EPPsSRqFKpMBb3Yf51w?=\n\t=?utf-8?q?HvRTYoSHhH2SdYX0uB273Cs5fswTjAtS7nqJdVhFA2zhCo910gxPT5LHOaxHY3JQF?=\n\t=?utf-8?q?YaAbmF6+9dr5XfTcz4uiKdBQZB0sgDw5QHysv8pLHbpz0aa/g0c3f+aInnfbJcwN/?=\n\t=?utf-8?q?+DN0CkCQry3FNCau3H7DpNaKDLxQgM1Ix04Doq4w93OmISoF2wMv1B/Qnn4bN81sU?=\n\t=?utf-8?q?61CDG1JfdDmhbGGLhrO6MGTfeUSLs7wok3uXG1A8SvmD6bwP2tRtB1Z1XYJcqN2h+?=\n\t=?utf-8?q?vxtE9eWQ/5pfShkd+Bv2FCwHzehjj+anymcJxJgMT9aG5R4mdW5U2szWjSs0U8cPV?=\n\t=?utf-8?q?wLUw3koPY?=","X-OriginatorOrg":"cherry.de","X-MS-Exchange-CrossTenant-Network-Message-Id":"\n b5f06a95-a927-41a0-3496-08dea4767401","X-MS-Exchange-CrossTenant-AuthSource":"PA4PR04MB7743.eurprd04.prod.outlook.com","X-MS-Exchange-CrossTenant-AuthAs":"Internal","X-MS-Exchange-CrossTenant-OriginalArrivalTime":"27 Apr 2026 16:03:00.0421 (UTC)","X-MS-Exchange-CrossTenant-FromEntityHeader":"Hosted","X-MS-Exchange-CrossTenant-Id":"5e0e1b52-21b5-4e7b-83bb-514ec460677e","X-MS-Exchange-CrossTenant-MailboxType":"HOSTED","X-MS-Exchange-CrossTenant-UserPrincipalName":"\n fMtqRxq9YQv6RiFYAKO8oGIiwESLRaxpca4+30m/EkmmRa/IJtA7DqRRfr69THNOTdlYR/siblPCyeNafu68qW+1xnUOGqzz4O6sQpk5pkI=","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"AS8PR04MB8897","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" ","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"}},{"id":3683234,"web_url":"http://patchwork.ozlabs.org/comment/3683234/","msgid":"","list_archive_url":null,"date":"2026-04-28T08:21:02","subject":"Re: [PATCH 4/4] image-fit-sig: require signatures","submitter":{"id":90265,"url":"http://patchwork.ozlabs.org/api/people/90265/","name":"Ludwig Nussel","email":"ludwig.nussel@siemens.com"},"content":"On 4/27/26 18:02, Quentin Schulz wrote:\n> On 4/27/26 5:03 PM, Ludwig Nussel wrote:\n>> Signature nodes in the device tree are mandatory if u-boot is compiled\n>> with signature verification. Allowing signature verification to pass\n> \n> First, it's not enforced at build time and cannot, as it depends on the \n> binman FDT node to be properly configured. But we cannot do that, \n> because we don't know the user setup.\n> \n> You can (mis)configure U-Boot to do signature verification but forget to \n> add the signature to the SPL/proper DTB. Then it'll do nothing of \n> course. To be fair, I got bit by that very mistake recently so maybe \n> there's something to improve there indeed.\n> \n>> if those nodes are missing would leave the system fail open.\n>>\n> \n> Yeah but why would they be missing in the first place? It's not like \n> this is something you can modify if part of a secure boot. The DTB of \n> stage 1 is used to verify FIT from stage 2. You need to trust DTB of \n> stage 1 (by verifying it with stage 0, etc.) otherwise I can also simply \n> just change the public key in there.\n\nThe reason the keys might be missing in the DTB would be mostly \nmistakes. Oversight during rebase, some packaging mistake, etc. BTDT, \nconstantly fighting my own fat fingers :-)\n\ncu\nLudwig","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=siemens.com header.i=@siemens.com header.a=rsa-sha256\n header.s=selector2 header.b=tLfga44J;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=siemens.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=siemens.com header.i=@siemens.com header.b=\"tLfga44J\";\n\tdkim-atps=neutral","phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=siemens.com","phobos.denx.de;\n spf=pass smtp.mailfrom=ludwig.nussel@siemens.com","dkim=none (message not signed)\n header.d=none;dmarc=none action=none header.from=siemens.com;"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4YL91brpz1yHv\n\tfor ; Tue, 28 Apr 2026 18:21:21 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 86D7784255;\n\tTue, 28 Apr 2026 10:21:13 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id 49274842A2; Tue, 28 Apr 2026 10:21:12 +0200 (CEST)","from DB3PR0202CU003.outbound.protection.outlook.com\n (mail-northeuropeazlp170100001.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c200::1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 7236684150\n for ; Tue, 28 Apr 2026 10:21:06 +0200 (CEST)","from DB9PR10MB5019.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:2cc::12)\n by DU0PR10MB5511.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:317::5) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.26; Tue, 28 Apr\n 2026 08:21:03 +0000","from DB9PR10MB5019.EURPRD10.PROD.OUTLOOK.COM\n ([fe80::97ce:ff62:c0b8:4ed1]) by DB9PR10MB5019.EURPRD10.PROD.OUTLOOK.COM\n ([fe80::97ce:ff62:c0b8:4ed1%7]) with mapi id 15.20.9846.025; Tue, 28 Apr 2026\n 08:21:03 +0000"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-1.9 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_NONE autolearn=ham\n autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=tp+V/zJi2OArnKFCn+esCz/9vpVX+XYApCsNRNUyWnnbaN8oRoHHywLUzVfVwJD9vpu2rra7JfzgdXi9ZX02QTMLUkko5JBPpOQnZHCeGdFFrUJHVxl2HPXJNLwZKe5h9swLI6F/b/CLK/5QTWXiUP8rDtNBlzv/NRKYw+R5S5WcnC0DB++cNL6hP6uFfmLDAxyr7tt8Qgy8EnXMgum1OcMA9T9VIMgLzb1y8e3QRQcNPRkm4B9R5Xep1acebTl5+mNrcAfu+fRsG++YD0tdbbzI1uiizOH5y8q9H0k7BAFBNEddZvvut+ek1p1BWBNbxOlbsPdV2yFadrUfD+8Agw==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=7XRvhSXEziJDerL+qwwTbdtg9DsoNk4CCg4QD7M3GqI=;\n b=K/bUBaASLQLczjn1T2EB6leDPk4GLNGo7yVrVUqb4FBV25+M+VhCFaAB4V9euxTFMGWVOgNOdmWxs7iJzC+m6Kx3f5rXO8yzRyBO9fpckIYJwkfd1eY3/4H8D0Q5/E34ONOChRJAGlTeVsitCRGQUUhyRaau97Ik2DI5D29zrDdAPoSWTSBSQ/tdJYocUXNRRGdZ8ipDj/kLnhEVtesyrRncyiFKVffyY+B6Dt/Z3qaippHny08CxE2EztzjFa7qK01tjBRwYnevtq/p2f84Qrl9tvC7YfC3ew934CCAfrLZmiTukdZu2BOywWioJiAuAcljmuYHIo6EeEJXA0jGpA==","ARC-Authentication-Results":"i=1; mx.microsoft.com 1; spf=pass\n smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com;\n dkim=pass header.d=siemens.com; arc=none","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com;\n s=selector2;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=7XRvhSXEziJDerL+qwwTbdtg9DsoNk4CCg4QD7M3GqI=;\n b=tLfga44J2CUSyqyWXT3L8luwep4ylpIdc230AwM23NJ+mgzeEijnMfHFopLF38ZiWbU0OXd784HRAUKMOxokvEZb+1XMdtlJOJZ2r3lswFj5MCZdZcfBfYgVKF+pmHJanNSiqiGQQro6gcGYDv8yFaqxUxHFHPm9sNRG2+LjBlyyQ0vkq1alcKDoSDmSisQ2M6XHTBD+4qg3znPLRbS9Zg9pbR0hSbBg6Cg81cQh/QMacwtOwbACFKT+28hKhtksPUn7CXctk3lf7zbvgq3zae7FH007tpNGTKpU0Po7DSUHtBbu+9bJxM2SdcsBus2lfeXOs1yr6kqdOJ4hIzR8tA==","Message-ID":"","Date":"Tue, 28 Apr 2026 10:21:02 +0200","User-Agent":"Mozilla Thunderbird","Subject":"Re: [PATCH 4/4] image-fit-sig: require signatures","To":"Quentin Schulz , u-boot@lists.denx.de","Cc":"Simon Glass , Tom Rini ","References":"<20260427150409.400914-1-ludwig.nussel@siemens.com>\n <20260427150409.400914-4-ludwig.nussel@siemens.com>\n ","Content-Language":"en-US","From":"Ludwig Nussel ","In-Reply-To":"","Content-Type":"text/plain; charset=UTF-8; format=flowed","Content-Transfer-Encoding":"7bit","X-ClientProxiedBy":"FR4P281CA0330.DEUP281.PROD.OUTLOOK.COM\n (2603:10a6:d10:eb::8) To DB9PR10MB5019.EURPRD10.PROD.OUTLOOK.COM\n (2603:10a6:10:2cc::12)","MIME-Version":"1.0","X-MS-PublicTrafficType":"Email","X-MS-TrafficTypeDiagnostic":"DB9PR10MB5019:EE_|DU0PR10MB5511:EE_","X-MS-Office365-Filtering-Correlation-Id":"88f48ea2-9394-4b70-174a-08dea4ff1663","X-MS-Exchange-AtpMessageProperties":"SA","X-MS-Exchange-SenderADCheck":"1","X-MS-Exchange-AntiSpam-Relay":"0","X-Microsoft-Antispam":"BCL:0;\n ARA:13230040|376014|366016|1800799024|22082099003|18002099003|56012099003|55112099003;","X-Microsoft-Antispam-Message-Info":"\n Pzeigh23o3geczYcQKXhBzmKe1klwb1ynYMawwbL08rY0nSYgi5pV8EL/coGcqXaOU2xzBz1WiuULy4jGnYhJ7WxP5bw3Rlw0o8HlNY5YcIZX+YdBagie3GyrDlSDoYgUFSaYBpPqUd+xcilmNHA7dsA+DHg6F6JhGpICDuAJYdoL6aIe7NGboVYdCtTsBl5epuz2NEuxN1t60F1wlZwAqT3NEhcwQ0/kznrmWcJdePkDSRWTJ7ZDn3LqxvwH0qsdMHrvly2cNAZg3kO4Ne2MRaYvLWxBGjD32kcE7DGaak8D9nsepHd7K2+iMKHPbIB4jJtTq1sr0+vIxrq2QkQZHNi9GXHOWJ2To7x0sgBJRAyDF+8tujIB+V5GEfMZ1Rn1AxO5BTmJfwtPTYG4Qk9zqvQDLawhCljfu4XZYjZDowtV0oDq+qYjpPtRgzeJdi9Y7RZ58swQua5od7nlGmNN9PSAXPzu9exZcU6occ/0IwjKnxasihsDjednJLIZUx7a5LoWJU9B0BtevST8vrejMnZzqHlcJa3IgpIaPFI8ftgTBHhEC/FFSdM6323DuhDTvZTw99ppYAemnESpbW9uM45Oyw01oSyEUC/RK0HIFxa+wVR2dfwkIHSplBezBZ+XTtrdBCt1ybb+5zKA/WJ6Gs5YDasmJ4WZfQ0CS3Ij/1lhZeaS4nwtkODQrzD4kTD","X-Forefront-Antispam-Report":"CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:DB9PR10MB5019.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE;\n SFS:(13230040)(376014)(366016)(1800799024)(22082099003)(18002099003)(56012099003)(55112099003);\n DIR:OUT; SFP:1101;","X-MS-Exchange-AntiSpam-MessageData-ChunkCount":"1","X-MS-Exchange-AntiSpam-MessageData-0":"=?utf-8?q?gJ7NUYTg/VgwVWeQIuXI7UfELDNV?=\n\t=?utf-8?q?FhIKcfPC1jYJYZKnW89Q9hpsdXRYTfULPsNI2R7epVh+CXyMHKjbRc2bHMtnd+fgf?=\n\t=?utf-8?q?0FGurKmKRh3W07JSIVjbwH8/N/G308kr0GJ3MZAZ4yHO8HLkKZcn/dlceYdbsk4qi?=\n\t=?utf-8?q?8j2HDWE3Env6ves/+L4ESzWCPeuIxZ2nKoezz9CJVNh3rMTqQUJe85PR0S7ZoizDP?=\n\t=?utf-8?q?ezOv9ycsDpaJ80utLtpyKbI0+VqmSua1uvSVk2Mbe4PFnP0RRaY5zejj5yPW5RE59?=\n\t=?utf-8?q?qC5O1NOHEZOw0bZFXBVAMZxB9kvnkMTasDa+4kFd4u8QV+LgDnxF2bWgTnR0IeDJ4?=\n\t=?utf-8?q?Yx/SzUj9bdN/fW9C60CLILhPDWBcGcZW9wR9ORiqcJP082R3nyugbdvO54yFuNiI4?=\n\t=?utf-8?q?Sm83kjCA5MtJYTnUfes1EbbV3Q5Rl1ix8JthsARv5eV14FhOUIwvSYzRTwe671sN8?=\n\t=?utf-8?q?PlgNbUPW7a07Gy3Cd9lS/8bxNv/Wc6YGoGWkExrYsSosFK3HB+g0rycYWPofyTKu7?=\n\t=?utf-8?q?c/9Lg6dLEnCPp78u/XwcLd9ten0QK9FEb2BzmEUgSUHmE5fp5a4o3JKKddvaa5jbE?=\n\t=?utf-8?q?o8xZ/V4zXXdcxBrwjENFKHmvmuPiEqFnLY2/yVg8krrHTvm1Nm81kWbC1j1bK9WO4?=\n\t=?utf-8?q?M1aQpbBJGVeGdTqscBpySUul4AWzdT1kLawpm1CN2jAVmnT+TR1EqeVaN/D0DeXVL?=\n\t=?utf-8?q?/8gK7KtdUcH8XhanILNnCJmcNcBrlmb7nc20ZaF1BqqOi+IviT0CVQ7itzTpBhl0Y?=\n\t=?utf-8?q?vAIO3c2jvOtkU/BdaEO2Xp5DQoRmSyA9tti5kzE0DsXJsedcQISjHyCGrKd1VlGL9?=\n\t=?utf-8?q?ZGCkxyEqsu1DnWowOwHGAEPKjw6S6OSITClgvgfl/htN5pWkddPwSxVmhTgY03iVP?=\n\t=?utf-8?q?xjdI53u/BUk56DfLOEf7TITkmGlum5OlSa3YjoWDNcrzw3sQIY1lhTkP4epRgYhdh?=\n\t=?utf-8?q?7PEFun+s3YRhI2Hmo2uw5vYYzFRhj3uRsVF3oYGeIm/UwPAuVLEbs/9+2Ip00fgaI?=\n\t=?utf-8?q?hNYnHg2YdJ1cn5ykrPaVMD0FZBwWh9AWL0ouxHK33tPOazz1zVBemXiiE02+aGXIT?=\n\t=?utf-8?q?o9cPLCl0APEz1gEFbeCBvHVENEWh2VgPy/0ScSUdV2U/9zYszjZsqrDZzW2cazFSx?=\n\t=?utf-8?q?01LE1RRDKauok3uKfOVnp/G4vND0ygJ8DOnjKd+lzM3HynnFF9X4WzsgSLqyqkzZD?=\n\t=?utf-8?q?Czo7X7hp6W55wX8YM4DcQIpZrvnLEWGxRFSHvc+d88CDEpAnMGZI6gCl6oUaNqtsx?=\n\t=?utf-8?q?PtnXuCn7v8ZtETeI2y7Q0WsWW2K9v4zF9Uly1Hp5JXTXxrIeEoUzwu46Dkh3cpJT2?=\n\t=?utf-8?q?m84IsxQ+cViSGwNVpOdw7Jle3kiLCyyx1LqErGAxcbH8cv4bktmFB70m7KLgw4DMX?=\n\t=?utf-8?q?0ZDckALxeiN/pmpN1hjtH4idWBIN/hKQF0mxsHb1Q+gyRCStOz8UEFSeMXhu5BL0C?=\n\t=?utf-8?q?DxlrU+TGym+xtB8BwE0dFpoLDX31pa4sqZYDxG+pVjw4W+WfLF4LQoihbK65w32TJ?=\n\t=?utf-8?q?Kxce469WqfYrnwIY+jRNBAYynw8jIXtOVP9Hm+MpjXJfszdXtdGudmKryK42H/a6E?=\n\t=?utf-8?q?fxGRq89OMwFY/M3RqcofAilq6xzGmpeQcT1Idnvd8I92Zt48h9ydoOT69hiuBbu0N?=\n\t=?utf-8?q?3qUEoPOfaZv5bwtUxoM9DmpAV5CCXO7RoHM3nQE9EdU9HCammkIyk=3D?=","X-OriginatorOrg":"siemens.com","X-MS-Exchange-CrossTenant-Network-Message-Id":"\n 88f48ea2-9394-4b70-174a-08dea4ff1663","X-MS-Exchange-CrossTenant-AuthSource":"DB9PR10MB5019.EURPRD10.PROD.OUTLOOK.COM","X-MS-Exchange-CrossTenant-AuthAs":"Internal","X-MS-Exchange-CrossTenant-OriginalArrivalTime":"28 Apr 2026 08:21:03.3828 (UTC)","X-MS-Exchange-CrossTenant-FromEntityHeader":"Hosted","X-MS-Exchange-CrossTenant-Id":"38ae3bcd-9579-4fd4-adda-b42e1495d55a","X-MS-Exchange-CrossTenant-MailboxType":"HOSTED","X-MS-Exchange-CrossTenant-UserPrincipalName":"\n bKQ75b1IM33qSzVNDbKb8a7bjgvhMFobDWGWobSgPloGAZDfHhinaXXgxCJmzIqqKO9EYih5s8ePKGMJ7X5oP9AV3lSOw/3cGGo6faw6qSk=","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"DU0PR10MB5511","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" ","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"}}]