Hi Vikas,
On Sun, Sep 22, 2013 at 1:16 PM, Vikas N Kumar vikas@vikaskumar.org wrote:
Hi I am trying to get verified boot working for the Beaglebone Black (BBB) and have gotten the FIT image part working with a kernel and an FDT blob for the BBB.
However, I am a little confused by the documentation which says that u-boot also needs an FDT blob (with CONFIG_OF_CONTROL) to embed the RSA public key.
I have a few questions that might not be related to each other but can help me complete my work:
- Is this uboot FDT control blob the same as the FDT blob in the FIT
image for booting the kernel or are these 2 separate blobs pointing to the same hardware ?
They are different, or at least are normally different. The control FDT is used for configuration in U-Boot. But if you have a Beaglebone Black device tree you use for the kernel, you can use the same one for U-Boot.
- Can the uboot FDT blob be empty in the sense that all it does is store
a public key and all the machine specific stuff is in the uboot image itself as it is done today for the BBB ?
Yes
- Can one embed the public key in u-boot without using an FDT blob ?
There is a CONFIG_OF_EMBED which embeds a device tree file into the U-Boot binary, but this is intended only for debugging. It is better to use u-boot-dtb.bin or 'cat u-boot.bin u-boot.dtb > image.bin' to append the device tree to U-Boot.
It would be possible to implement a feature to put the public key elsewhere if you really don't want a device tree in U-Boot.
Regards, Simon
Thanks _vicash_