From: Tom Rini Date: Tue, 1 Jul 2025 16:52:04 +0000 (-0600) Subject: Merge patch series "binman: properly error out if path provided to key-name-hint... X-Git-Tag: v2025.10-rc1~134^2~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cbb5672790d400e9ec6e9fceaf89ece2660c0117;p=thirdparty%2Fu-boot.git Merge patch series "binman: properly error out if path provided to key-name-hint in signature nodes" Quentin Schulz says: I misunderstood the documentation and put the signing key in a keys/ directory while setting key-name-hint property in the signature node and u-boot-spl-pubkey-dtb to a path. mkimage doesn't fail if it cannot find the public key when signing a FIT but returns something on stderr to notify the user it couldn't find the key. The issue is that bintool currently discards stderr if the command successfully returns, so the FIT is not signed AND the user isn't made aware of it unless the image is manually inspected. mkimage does fail when trying to insert a public key in a DTB if it isn't found but we can have a better error message. Link: https://lore.kernel.org/r/20250418-binman-pubkey-dir-v2-0-b6b90a765ffe@cherry.de --- cbb5672790d400e9ec6e9fceaf89ece2660c0117 diff --cc tools/binman/etype/fit.py index ed3cac4ee7e,284b19c4b88..db40479d30e --- a/tools/binman/etype/fit.py +++ b/tools/binman/etype/fit.py @@@ -562,7 -563,11 +563,9 @@@ class Entry_fit(Entry_section) for subnode in node.subnodes: if (subnode.name.startswith('signature') or subnode.name.startswith('cipher')): - if subnode.props.get('key-name-hint') is None: - continue hint = subnode.props['key-name-hint'].value + if '/' in hint: + self.Raise(f"'{hint}' is a path not a filename") name = tools.get_input_filename( f"{hint}.key" if subnode.name.startswith('signature') else f"{hint}.bin")