[U-Boot] Workaround for SPL modifying the DTB before use
bartek at conclusive.pl
Mon Sep 16 14:22:36 UTC 2019
We're implementing secure boot using HAB for an i.MX8M based board using
U-Boot, specifically the fork from the `u-boot-imx6` repository from
Boundary Devices. The reason i'm posting this here, is because the
problematic behaviour we encountered seems to come from the mainline.
We have a FIT image which contains the U-Boot, ATF & the DTB. The SPL
manipulates the DTB when booting the board by adding a memreserve
section and an additional node into the FDT. This makes secure boot fail
when verifying the DTB from the image, since it has a different length
and contents. The workaround we used is removing the DTB from the
U-Boot's FIT image and embedding it directly in the binary. This seems
to work, but are there any better ways of fixing the above problem?
More information about the U-Boot