
Hope you are doing well and everything is going well at your end. I am using a Raspi 4B and Compute Module 4 and trying to configure U-Boot with Verified Boot support, *but while booting, the signing of the configuration is not being checked*. I am using the latest master branch from GitHub: https://github.com/u-boot/u-boot
We have checked the signature verification via the *"fit_check_sign"* utility that comes with U-Boot, and it does verify the configuration of the signature, so I am sure that the image is signed properly and the Control FDT is good as well.
[image: fit_check_sign.png]
But while booting, it doesn't check the signature of the configuration. It should be showing "*Verifying Hash Integrity ... sha1,rsa2048:dev+ OK*"
[image: image.png]
*I believe that maybe I am not adding Control FDT in the U-boot binary properly.* Following is the command that I am using to add control FDT to U-boot.
    $ make EXT_DTB=bcm2711-rpi-4-b-pubkey.dtb -j8

I have also tried

    $ make DEV_TREE_BIN=bcm2711-rpi-4-b-pubkey.dtb -j8

The byte size of u-boot.bin and u-boot-nodtb.bin after using both of the above commands is the same.
Attached is the FIT source file, rpi_4_defconfig and the control FDT file. Also, the following has been added in configs/rpi_4_defconfig.
    CONFIG_OF_CONTROL=y
    CONFIG_FIT=y
    CONFIG_FIT_SIGNATURE=y
    CONFIG_RSA=y
*Can you please help me with how to add Control FDT to the U-boot.bin binary or what can be the reason that it isn't checking the signature of the configuration while booting? Any kind of help would be really appreciated.*
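
The following is an added example, not part of the original post: a check that answers the size question above by scanning a built binary for embedded device trees and listing what each one carries under the `/signature` node, which is where `mkimage -K` writes the public key. The sample blob, the `key-dev` node and the function names are constructed for illustration.

```python
import struct, sys
FDT_MAGIC = b"\xd0\x0d\xfe\xed"
BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9
pad4 = lambda b: b.ljust((len(b) + 3) & ~3, b"\0")   # FDT fields are 4-byte aligned

def signature_keys(fdt):
    """Return {key_node: {prop: raw_bytes}} for the children of /signature in one FDT."""
    _, total, off_struct, off_strings = struct.unpack_from(">4I", fdt, 0)
    pos, path, keys = off_struct, [], {}
    while pos + 4 <= total:
        tok, pos = struct.unpack_from(">I", fdt, pos)[0], pos + 4
        if tok == BEGIN_NODE:
            end = fdt.index(b"\0", pos)
            path.append(fdt[pos:end].decode())
            pos = (end + 4) & ~3                      # skip name + NUL, padded
        elif tok == END_NODE:
            path.pop()
        elif tok == PROP:
            length, nameoff = struct.unpack_from(">2I", fdt, pos)
            name = fdt[off_strings + nameoff:].split(b"\0", 1)[0].decode()
            if len(path) == 3 and path[1] == "signature":
                keys.setdefault(path[2], {})[name] = fdt[pos + 8:pos + 8 + length]
            pos = (pos + 8 + length + 3) & ~3
        elif tok != NOP:
            break                                     # FDT_END or not a real FDT
    return keys

def scan_image(blob):
    """List (offset, signature_keys) for every FDT embedded in a binary such as u-boot.bin."""
    found, pos = [], blob.find(FDT_MAGIC)
    while pos != -1:
        if 40 <= (total := int.from_bytes(blob[pos + 4:pos + 8], "big")) <= len(blob) - pos:
            try:
                found.append((pos, signature_keys(blob[pos:pos + total])))
            except (ValueError, IndexError, struct.error):
                pass                                  # magic bytes matched by chance
        pos = blob.find(FDT_MAGIC, pos + 4)
    return found

def demo_fdt():  # constructed sample: a minimal FDT holding /signature/key-dev
    tok = lambda t: struct.pack(">I", t)
    prop = lambda off, v: struct.pack(">3I", PROP, len(v), off) + pad4(v)
    node = lambda n, body: tok(BEGIN_NODE) + pad4(n + b"\0") + body + tok(END_NODE)
    key = node(b"key-dev", prop(0, b"conf\0") + prop(9, b"sha1,rsa2048\0"))
    st, strs = node(b"", node(b"signature", key)) + tok(END), b"required\0algo\0"
    hdr = struct.pack(">10I", 0xD00DFEED, 56 + len(st) + len(strs), 56, 56 + len(st), 40, 17, 16, 0, len(strs), len(st))
    return hdr + bytes(16) + st + strs

if __name__ == "__main__":   # usage: python3 this_file.py u-boot.bin u-boot-nodtb.bin
    print({p: scan_image(open(p, "rb").read()) for p in sys.argv[1:]} or scan_image(demo_fdt()))
```

An empty list for a binary means no device tree is embedded in it at all; an entry with an empty dictionary means a device tree is present but has no key nodes under `/signature`.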