+ if (task->verify_signature) {
+ if (load_pending(task->image_signature) ||
+ load_pending(task->initrd_signature) ||
+ load_pending(task->dtb_signature) ||
+ load_pending(task->cmdline_signature))
+ return;
+ }
+ if (task->decrypt_files) {
+ if (load_pending(task->cmdline_signature))
+ return;
+ }
+
+ if (task->verify_signature) {
+ if (check_load(task, "kernel image signature",
+ task->image_signature) ||
+ check_load(task, "initrd signature",
+ task->initrd_signature) ||
+ check_load(task, "dtb signature",
+ task->dtb_signature) ||
+ check_load(task, "command line signature",
+ task->cmdline_signature))
+ goto no_sig_load;
+ }
+ if (task->decrypt_files) {
+ if (load_pending(task->cmdline_signature))
+ return;
+
+ if (check_load(task, "command line signature",
+ task->cmdline_signature))
+ goto no_decrypt_sig_load;
+ }
+
+ /* we make a copy of the local paths, as the boot hooks might update
+ * and/or create these */
+ task->local_image = task->image ? task->image->local : NULL;
+ task->local_initrd = task->initrd ? task->initrd->local : NULL;
+ task->local_dtb = task->dtb ? task->dtb->local : NULL;
+
+ if (task->verify_signature) {
+ task->local_image_signature = task->image_signature ?
+ task->image_signature->local : NULL;
+ task->local_initrd_signature = task->initrd_signature ?
+ task->initrd_signature->local : NULL;
+ task->local_dtb_signature = task->dtb_signature ?
+ task->dtb_signature->local : NULL;
+ }
+ if (task->verify_signature || task->decrypt_files) {
+ task->local_cmdline_signature = task->cmdline_signature ?
+ task->cmdline_signature->local : NULL;
+ }
+