[U-Boot] [U-boot] mkimage -F parameter
Simon Glass
sjg at chromium.org
Fri Feb 1 15:24:55 CET 2013
Hi Tiger,
On Thu, Jan 31, 2013 at 3:36 AM, <TigerLiu at viatech.com.cn> wrote:
> Hi, experts:
>
> It seems mkimage has supported signing a image.
This code is not yet merged, as you have discovered.
>
> So, I have a question about signed linux kernel image:
>
> 1. if kernel image is signed by mkimage tool.
>
> Could uboot verify this signed linux kernel image bf jumping to its
> entry point function?
Yes the bootm command will do this automatically.
>
> 2. if uboot could verify the signed linux kernel image
>
> how to management these different vendors' public keys in uboot code?
> Using env variable?
The keys are not easily kept in an environment variable as we have
several bits of information.
In the current implementation the device tree is used, so you need to
enable CONFIG_OF_CONTROL. Then mkimage will put the public keys in the
FDT, and you attach that to U-Boot.
Multiple keys are supported and it is possible to sign the same image
with several different keys. Keys can be marked 'required' so that
they must verify.
What platform/board are you using?
Regards,
Simon
>
>
>
> Best wishes,
>
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot
>
More information about the U-Boot
mailing list