
On Sunday 26 February 2023 01:56:23 Martin Rowe wrote:
> On Sat, 25 Feb 2023 at 21:16, Pali Rohár <pali@kernel.org> wrote:
> > I think that the remaining part is to patch the Linux DTB file at runtime for eMMC support. So if the U-Boot mmc device is of eMMC type, then fix up the Linux DTB file, and for others do nothing.
>
> One question I didn't think of when suggesting this: does runtime patching the kernel's dtb break signed/verified booting?

I do not think so. Signature verification should be done before patching.

> The reason I ask is because we now only need to patch the kernel dtb, not the U-Boot one. If we needed to do both, then it would make sense to handle them in the same way through U-Boot. The barrier to creating a patched kernel dtb file on its own is very low, so I'm not sure adding some "magic" to U-Boot to make it work is the best solution, especially if it might break verified boot.