Sourcing a signed boot script
Diego Rondini
diego.rondini at kynetics.com
Thu Dec 5 18:09:25 CET 2019
Hi,
I would like to ask if it is possible to source a script after
verifying its signature.
Currently I've been able to source a script from a signed FIT image,
before doing "bootm", with:
source <addr>:<name>
But this way the signature is not checked yet, so the script cannot be trusted.
According to the docs[1] it seems that it's not possible yet to verify
a FIT image signature without also booting the corresponding image. Is
that right?
[1] https://gitlab.denx.de/u-boot/u-boot/blob/v2019.10/doc/uImage.FIT/signature.txt#L580
Thank you,
Diego Rondini
More information about the U-Boot
mailing list