Hi Diego,
Hi,
I would like to ask if it is possible to source a script after verifying its signature.
Currently I've been able to source a script from a signed FIT image, before doing "bootm", with: source <addr>:<name> But this way the signature is not checked yet, so the script cannot be trusted.
According to the docs[1] it seems that it's not possible yet to verify a FIT image signature without also booting the corresponding image. Is that right?
You can look into the "spl" command, which does the FIT parsing (to prepare data for falcon mode booting).
You may want to re-use such "dry-run" feature to verify the signature, extract the script and use it.
(And yes, I don't think that checking the signature for script works out of the box).
[1] https://gitlab.denx.de/u-boot/u-boot/blob/v2019.10/doc/uImage.FIT/signature....
Thank you, Diego Rondini
Best regards,
Lukasz Majewski
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma@denx.de