[PATCH] crypto: public-keys: improve diagnostics for unsupported keys

[PATCH] crypto: public-keys: improve diagnostics for unsupported keys

[Ahmad Fatoum]

If we have CONFIG_CRYPTO_RSA disabled, we will compile in the keys, but
not use them and fail at FIT verification time with a confusing
image signature BAD.

Improve upon this by mentioning both at init and verification time
whether keys are usable or not.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 common/image-fit.c   | 5 ++++-
 crypto/public-keys.c | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index 2cde844e46a6..5272d9654a43 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -260,6 +260,7 @@ static struct digest *fit_alloc_digest(struct device_node *sig_node,
 static int fit_check_signature(struct device_node *sig_node,
 			       enum hash_algo algo, void *hash)
 {
+	const char *fail_reason = "no built-in keys";
 	const struct public_key *key;
 	const char *key_name = NULL;
 	int sig_len;
@@ -283,6 +284,8 @@ static int fit_check_signature(struct device_node *sig_node,
 	}
 
 	for_each_public_key(key) {
+		fail_reason = "verification failed";
+
 		if (key_name && !strcmp(key->key_name_hint, key_name))
 			continue;
 
@@ -291,7 +294,7 @@ static int fit_check_signature(struct device_node *sig_node,
 			goto ok;
 	}
 
-	pr_err("image signature BAD\n");
+	pr_err("image signature BAD: %s\n", fail_reason);
 
 	return -EBADMSG;
 ok:
diff --git a/crypto/public-keys.c b/crypto/public-keys.c
index fba963db4eb8..0c27ddd70902 100644
--- a/crypto/public-keys.c
+++ b/crypto/public-keys.c
@@ -94,8 +94,10 @@ static int init_public_keys(void)
 	for (iter = __public_keys_start; iter != __public_keys_end; iter++) {
 		struct public_key *key = public_key_dup(iter);
 
-		if (!key)
+		if (!key) {
+			pr_warn("error while adding key\n");
 			continue;
+		}
 
 		public_key_add(key);
 	}
-- 
2.39.5