
11 Jan 2023, 3:17 a.m.
On Fri, Dec 23, 2022 at 07:15:25PM -0600, Bryan Brattlof wrote:
In order to maintain the chain of trust, each stage of the boot process will first authenticate each binary it loads before continuing. To extend this to the kernel and its dtbs we can package the kernel and its dtbs into another fitImage for U-Boot to authenticate and extend the chain of trust all the way to the kernel.
When 'boot_fit' is set, indicating we're using the secure bootflow, look for and authenticate the kernel's fitImage.
Signed-off-by: Judith Mendez jm@ti.com
Signed-off-by: Bryan Brattlof bb@ti.com
Applied to u-boot/master, thanks!
--
Tom