[U-Boot] booting signed Images
Wolfgang Denk
wd at denx.de
Mon May 5 19:55:04 CEST 2014
Dear Simon,
In message <CAPnjgZ2-qC8YK8t2DvmzXWKy3Wd+=7VY1Ti=Jm98LF96PLfu-g at mail.gmail.com> you wrote:
>
> > Should we not prevent booting uImages or not signed FIT Images when
> > CONFIG_FIT_SIGNATURE is defined?
> > Or at least prevent booting such unsigned images through an U-Boot
> > env variable.
> >
> > What Do you think?
>
> There is a 'required' property in the public keys which is intended to
> support this. If you mark a key as 'required then it will need to be
> verified by any image that is loaded. There is a test for this case,
> but it may not be comprehensive.
But what about legacy uImage files? It appears nothing would stop
booting one of those?
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Accident: A condition in which presence of mind is good, but absence
of body is better.
More information about the U-Boot
mailing list