diff --git a/src/repart/repart.c b/src/repart/repart.c index fe98893f39..f2bc5bc80e 100644 --- a/src/repart/repart.c +++ b/src/repart/repart.c @@ -2487,14 +2487,6 @@ static int partition_read_definition(Partition *p, const char *path, const char return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL), "Encrypting verity hash/data partitions is not supported."); - if (p->verity == VERITY_SIG && !arg_private_key && !partition_type_defer(&p->type)) - return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL), - "Verity signature partition requested but no private key provided (--private-key=)."); - - if (p->verity == VERITY_SIG && !arg_certificate && !partition_type_defer(&p->type)) - return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL), - "Verity signature partition requested but no PEM certificate provided (--certificate=)."); - if (p->verity == VERITY_SIG && (p->size_min != UINT64_MAX || p->size_max != UINT64_MAX)) return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL), "SizeMinBytes=/SizeMaxBytes= cannot be used with Verity=%s.", @@ -5062,6 +5054,14 @@ static int partition_format_verity_sig(Context *context, Partition *p) { if (PARTITION_EXISTS(p)) return 0; + if (!context->private_key) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Verity signature partition signing requested but no private key provided (--private-key=)."); + + if (!context->certificate) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Verity signature partition signing requested but no PEM certificate provided (--certificate=)."); + (void) partition_hint(p, context->node, &hint); assert_se(hp = p->siblings[VERITY_HASH]);