The compiled-in keys can be retrieved with rsa_get_key(). Try to use them first before falling back to looking up the keys in the device tree. Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> --- common/image-fit.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/common/image-fit.c b/common/image-fit.c index 71053fbef5..ca4d9ca10c 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -287,16 +287,21 @@ static int fit_check_rsa_signature(struct device_node *sig_node, pr_err("key name not found in %s\n", sig_node->full_name); return -EINVAL; } - key_path = xasprintf("/signature/key-%s", key_name); - key_node = of_find_node_by_path(key_path); - if (!key_node) { - pr_info("failed to find key node %s\n", key_path); + + key = rsa_get_key(key_name); + if (IS_ERR(key)) { + key_path = xasprintf("/signature/key-%s", key_name); + key_node = of_find_node_by_path(key_path); + if (!key_node) { + pr_info("failed to find key node %s\n", key_path); + free(key_path); + return -ENOENT; + } free(key_path); - return -ENOENT; + + key = rsa_of_read_key(key_node); } - free(key_path); - key = rsa_of_read_key(key_node); if (IS_ERR(key)) { pr_info("failed to read key in %s\n", key_node->full_name); return -ENOENT; -- 2.23.0 _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox