[U-Boot] booting signed Images

Simon Glass sjg at chromium.org
Mon May 5 19:25:07 CEST 2014


Hi Heiko,

On 5 May 2014 01:35, Heiko Schocher <hs at denx.de> wrote:
> Hello Simon,
>
> just talked with Wolfgang about the booting process from signed images,
> as it is described in:
>
> doc/uImage.FIT/verified-boot.txt
> doc/uImage.FIT/signature.txt
>
> If we see it correct, then it is still possible to boot an uImage
> or a FIT image without signature with "bootm" when CONFIG_FIT_SIGNATURE
> is defined.
>
> The question raised, if this is a good behaviour.
>
> Should we not prevent booting uImages or not signed FIT Images when
> CONFIG_FIT_SIGNATURE is defined?
> Or at least prevent booting such unsigned images through an U-Boot
> env variable.
>
> What do you think?

There is a 'required' property in the public keys which is intended to
support this. If you mark a key as 'required' then it will need to be
verified by any image that is loaded. There is a test for this case,
but it may not be comprehensive.

Regards,
Simon
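
An added example, not part of the original message or of U-Boot's code: a small audit of a decompiled U-Boot control device tree that reports which public keys carry the 'required' property discussed above. It assumes the layout in doc/uImage.FIT/signature.txt (key nodes under /signature, 'required' set to "image" or "conf"); the sample DTS, the node names and the function names are constructed for illustration.

```python
import re

# Constructed sample: shape of a decompiled control FDT holding two public
# keys (key material and unrelated nodes omitted). Node names are made up.
SAMPLE_DTS = '''
/dts-v1/;
/ {
    signature {
        key-prod {
            required = "conf";
            algo = "sha1,rsa2048";
        };
        key-dev {
            algo = "sha1,rsa2048";
        };
    };
};
'''

KEY_NODE = re.compile(r'([\w,.+-]+)\s*\{([^{}]*)\}\s*;')
REQUIRED = re.compile(r'\brequired\s*=\s*"([^"]*)"\s*;')

def signature_body(dts):
    """Return the text inside the /signature node, or '' if there is none."""
    m = re.search(r'\bsignature\s*\{', dts)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(dts)):
        if dts[i] == '{':
            depth += 1
        elif dts[i] == '}':
            depth -= 1
        if depth == 0:
            return dts[start:i]
    return ""  # unbalanced braces: treat as no usable signature node

def audit_keys(dts):
    """Map each key node name to its 'required' value (None when not set)."""
    result = {}
    for name, props in KEY_NODE.findall(signature_body(dts)):
        m = REQUIRED.search(props)
        result[name] = m.group(1) if m else None
    return result

def keys_not_required(dts):
    """Key nodes that are present but not marked required = "image"/"conf"."""
    return [k for k, v in audit_keys(dts).items() if v not in ("image", "conf")]
```

An empty result from `audit_keys` means the tree has no /signature node at all, so no key is marked required.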

