[U-Boot] Workaround for SPL modifying the DTB before use
Bartlomiej
bartek at conclusive.pl
Mon Sep 16 14:22:36 UTC 2019
Hello,
We're implementing secure boot using HAB for an i.MX8M based board using
U-Boot, specifically the fork from the `u-boot-imx6` repository from
Boundary Devices. The reason i'm posting this here, is because the
problematic behaviour we encountered seems to come from the mainline.
We have a FIT image which contains the U-Boot, ATF & the DTB. The SPL
manipulates the DTB when booting the board by adding a memreserve
section and an additional node into the FDT. This makes secure boot fail
when verifying the DTB from the image, since it has a different length
and contents. The workaround we used is removing the DTB from the
U-Boot's FIT image and embedding it directly in the binary. This seems
to work, but are there any better ways of fixing the above problem?
Best regards,
Bartlomiej Nowak
More information about the U-Boot
mailing list