The compiled-in keys can be retrieved with rsa_get_key(). Try to use
them first before falling back to looking up the keys in the device
tree.
Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
---
common/image-fit.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index 71053fbef5..ca4d9ca10c 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -287,16 +287,21 @@ static int fit_check_rsa_signature(struct device_node *sig_node,
pr_err("key name not found in %s\n", sig_node->full_name);
return -EINVAL;
}
- key_path = xasprintf("/signature/key-%s", key_name);
- key_node = of_find_node_by_path(key_path);
- if (!key_node) {
- pr_info("failed to find key node %s\n", key_path);
+
+ key = rsa_get_key(key_name);
+ if (IS_ERR(key)) {
+ key_path = xasprintf("/signature/key-%s", key_name);
+ key_node = of_find_node_by_path(key_path);
+ if (!key_node) {
+ pr_info("failed to find key node %s\n", key_path);
+ free(key_path);
+ return -ENOENT;
+ }
free(key_path);
- return -ENOENT;
+
+ key = rsa_of_read_key(key_node);
}
- free(key_path);
- key = rsa_of_read_key(key_node);
if (IS_ERR(key)) {
pr_info("failed to read key in %s\n", key_node->full_name);
return -ENOENT;
--
2.23.0
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
