Hi Tiger,
On Thu, Jan 31, 2013 at 3:36 AM, TigerLiu@viatech.com.cn wrote:
Hi, experts:
It seems mkimage has supported signing a image.
This code is not yet merged, as you have discovered.
So, I have a question about signed linux kernel image:
if kernel image is signed by mkimage tool.Could uboot verify this signed linux kernel image bf jumping to its entry point function?
Yes the bootm command will do this automatically.
if uboot could verify the signed linux kernel imagehow to management these different vendors' public keys in uboot code? Using env variable?
The keys are not easily kept in an environment variable as we have several bits of information.
In the current implementation the device tree is used, so you need to enable CONFIG_OF_CONTROL. Then mkimage will put the public keys in the FDT, and you attach that to U-Boot.
Multiple keys are supported and it is possible to sign the same image with several different keys. Keys can be marked 'required' so that they must verify.
What platform/board are you using?
Regards, Simon
Best wishes,
U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot