Hi I am trying to get verified boot working for the Beaglebone Black (BBB) and have gotten the FIT image part working with a kernel and an FDT blob for the BBB.
However, I am a little confused by the documentation which says that u-boot also needs an FDT blob (with CONFIG_OF_CONTROL) to embed the RSA public key.
I have a few questions that might not be related to each other but can help me complete my work:
- Is this uboot FDT control blob the same as the FDT blob in the FIT image for booting the kernel or are these 2 separate blobs pointing to the same hardware ?
- Can the uboot FDT blob be empty in the sense that all it does is store a public key and all the machine specific stuff is in the uboot image itself as it is done today for the BBB ?
- Can one embed the public key in u-boot without using an FDT blob ?
Thanks _vicash_