Hello,
I am currently attempting to utilize Verified Boot to verify FIT images on my T104x-based device. I am building U-Boot with the standard options for Verified Boot (CONFIG_FIT, CONFIG_FIT_SIGNATURE, CONFIG_RSA, CONFIG_OF_CONTROL and CONFIG_OF_SEPARATE).
When building U-Boot I need to supply a DTB image at build time. However, the device I am targetting may have a number of different configurations. This has been manged previously by using a single version of U-Boot and loading different FIT images containing different DTBs based on how the device will be used.
Does the DTB supplied to U-Boot at build time have to be "fully-featured"? Can it be a dummy DTB containing minimal nodes just for the purpose of storing the key contents for Verified Boot?
Kind regards,
BDG
________________________________
[cid:image28dcb9.JPG@434a8dea.4eb6ff24] http://www.ncipher.com Bradley Gamble Software Engineer Tel: +44 1293 580000
nCipher Security Manor Royal Crawley RH10 9HA United Kingdom
www.ncipher.comhttp://www.ncipher.com
[cid:imagec22e21.JPG@371fb8cf.429ceea3]https://www.ncipher.com/2020/global-encryption-trends-study?utm_source=email-signature&utm_medium=email&utm_campaign=2020_04-GETS-Internal
