image-fit-sig: skip in tools build if key is missing

Skip signature verification in case no public key was given in order to allow using fit_check_sign also to validate uImage.FIT images without signatures. Guarded by USE_HOSTCC macro the behavior on target is unchanged. Signed-off-by: Daniel Golle <[email protected]>
author: Daniel Golle <[email protected]> 2025-03-29 23:23:51 +0000
committer: Tom Rini <[email protected]> 2025-04-10 20:55:53 -0600
commit: 40dcd5088b7f64ee2841c233c8ab82ce9c188d73 (patch)
tree: 78d87bf80c58515846b71629555b15f75472a0d0 /boot
parent: 2a6d7ad24d347a34eb9e62f4afcaf36be28936ff (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index a121de60ae2..f23e9d5d0b0 100644
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -191,6 +191,11 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
 	int noffset;
 	int key_node;
 
+#ifdef USE_HOSTCC
+	if (!key_blob)
+		return 0;
+#endif
+
 	/* Work out what we need to verify */
 	*no_sigsp = 1;
 	key_node = fdt_subnode_offset(key_blob, 0, FIT_SIG_NODENAME);
@@ -477,6 +482,11 @@ static int fit_config_verify_required_keys(const void *fit, int conf_noffset,
 	bool reqd_policy_all = true;
 	const char *reqd_mode;
 
+#ifdef USE_HOSTCC
+	if (!key_blob)
+		return 0;
+#endif
+
 	/*
 	 * We don't support this since libfdt considers names with the
 	 * name root but different @ suffix to be equal
author	Daniel Golle <[email protected]>	2025-03-29 23:23:51 +0000
committer	Tom Rini <[email protected]>	2025-04-10 20:55:53 -0600
commit	40dcd5088b7f64ee2841c233c8ab82ce9c188d73 (patch)
tree	78d87bf80c58515846b71629555b15f75472a0d0 /boot
parent	2a6d7ad24d347a34eb9e62f4afcaf36be28936ff (diff)