On Fri, Oct 27, 2017 at 03:04:20PM +0900, Masahiro Yamada wrote:
If -K option is missing when you sign image nodes, it fails with an unclear error message:
tools/mkimage Can't add hashes to FIT blob: -1
It is hard to figure out the cause of the failure.
In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case.
So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig().
Signed-off-by: Masahiro Yamada yamada.masahiro@socionext.com
Applied to u-boot/master, thanks!