Revert "image-fit: Fix signature checking"

This reverts commit 84ca65aa4bd0d03867e9e49805201d0564d3ffb0. On signature verification failures fit_image_verify() should NOT exit with error. Only keys marked 'required' can cause image verification failure. This logic is already there and works correctly. Add a comment to make this clear. Fixes: 84ca65aa (image-fit: Fix signature checking) Signed-off-by: Simon Glass <sjg@chromium.org>
author: Simon Glass <sjg@chromium.org> 2016-02-24 09:14:43 -0700
committer: Simon Glass <sjg@chromium.org> 2016-02-26 08:53:10 -0700
commit: 2e33e761656f30651ed9ae16ecdbd5117d51d7d2 (patch)
tree: b188acd238807c91d709fed57efb36dca62734fd /common
parent: 7a80de464167ec45fdb70f63d83d07f7c2c57b82 (diff)
download: talos-obmc-uboot-2e33e761656f30651ed9ae16ecdbd5117d51d7d2.tar.gz
talos-obmc-uboot-2e33e761656f30651ed9ae16ecdbd5117d51d7d2.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/common/image-fit.c b/common/image-fit.c
index d3fad30c34..fbd9e0d770 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1035,10 +1035,15 @@ int fit_image_verify(const void *fit, int image_noffset)
 					strlen(FIT_SIG_NODENAME))) {
 			ret = fit_image_check_sig(fit, noffset, data,
 							size, -1, &err_msg);
-			if (ret) {
+
+			/*
+			 * Show an indication on failure, but do not return
+			 * an error. Only keys marked 'required' can cause
+			 * an image validation failure. See the call to
+			 * fit_image_verify_required_sigs() above.
+			 */
+			if (ret)
 				puts("- ");
-				goto error;
-			}
 			else
 				puts("+ ");
 		}
author	Simon Glass <sjg@chromium.org>	2016-02-24 09:14:43 -0700
committer	Simon Glass <sjg@chromium.org>	2016-02-26 08:53:10 -0700
commit	2e33e761656f30651ed9ae16ecdbd5117d51d7d2 (patch)
tree	b188acd238807c91d709fed57efb36dca62734fd /common
parent	7a80de464167ec45fdb70f63d83d07f7c2c57b82 (diff)
download	talos-obmc-uboot-2e33e761656f30651ed9ae16ecdbd5117d51d7d2.tar.gz talos-obmc-uboot-2e33e761656f30651ed9ae16ecdbd5117d51d7d2.zip