From 9269d78320c542935a87f07675893537e672908d Mon Sep 17 00:00:00 2001
From: Tim Gover <tim.gover@raspberrypi.com>
Date: Mon, 7 Nov 2022 09:37:15 +0000
Subject: [PATCH] Align rpi-eeprom-digest with usbboot

---
 rpi-eeprom-digest | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/rpi-eeprom-digest b/rpi-eeprom-digest
index 1a2dbe8..3499752 100755
--- a/rpi-eeprom-digest
+++ b/rpi-eeprom-digest
@@ -26,13 +26,15 @@ checkDependencies() {
       die "sha256sum not found. Try installing the coreutilities package."
    fi
 
-   if ! command -v openssl > /dev/null; then
-      die "openssl not found. Try installing the openssl package."
-   fi
+   if [ -n "${KEY}" ] || [ "${VERIFY}" = 1 ]; then
+       if ! command -v openssl > /dev/null; then
+          die "openssl not found. Try installing the openssl package."
+       fi
 
-   if ! command -v xxd > /dev/null; then
-      die "xxd not found. Try installing the xxd package."
-   fi
+       if ! command -v xxd > /dev/null; then
+          die "xxd not found. Try installing the xxd package."
+       fi
+   fi 
 }
 
 usage() {
@@ -91,10 +93,9 @@ verifySig() {
    sig_file="${1}"
    [ -f "${sig_file}" ] || die "Signature file ${sig_file} not found"
    sig_hex="$(grep rsa2048 "${sig_file}" | cut -f 2 -d ' ')"
-   echo ${sig_hex} | xxd -c 4096 -p -r > "${TMP_DIR}/sig.bin"
-
    [ -n "${sig_hex}" ] || die "No RSA signature in ${sig_file}"
-   sha256=$(sha256sum "${IMAGE}" | awk '{print $1}')
+
+   echo ${sig_hex} | xxd -c 4096 -p -r > "${TMP_DIR}/sig.bin"
    "${OPENSSL}" dgst -verify "${KEY}" -signature "${TMP_DIR}/sig.bin" "${IMAGE}" || die "${IMAGE} not verified"
 }