This serie fix an issue with the required key on rsa signature. If a required key is defined, only FIT signed with this key should be accepted. right now, there is an issue with required key, u-boot may used others key than required key.
The first commit add a test in vboot to check that u-boot don't allow FIT with another key than the required key. This test fails and show the issue. The second commit fix this issue with required key, so the test with required key succeed.
Daniele Alessandrelli (1): rsa: Return immediately if required-key verification fails
Philippe Reynes (1): pytest: vboot: add a test for required key
lib/rsa/rsa-verify.c | 3 +- test/py/tests/test_vboot.py | 57 ++++++++++++++++++++++ .../tests/vboot/sign-configs-sha256-pss-prod.its | 46 +++++++++++++++++ 3 files changed, 104 insertions(+), 2 deletions(-) create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss-prod.its