Dummy device tree for verified boot

Gamble, Bradley bradley.gamble at ncipher.com
Wed Apr 15 16:05:19 CEST 2020


Hello,


I am currently attempting to utilize Verified Boot to verify FIT images on my T104x-based device. I am building U-Boot with the standard options for Verified Boot (CONFIG_FIT, CONFIG_FIT_SIGNATURE, CONFIG_RSA, CONFIG_OF_CONTROL and CONFIG_OF_SEPARATE).


When building U-Boot I need to supply a DTB image at build time. However, the device I am targetting may have a number of different configurations. This has been manged previously by using a single version of U-Boot and loading different FIT images containing different DTBs based on how the device will be used.


Does the DTB supplied to U-Boot at build time have to be "fully-featured"? Can it be a dummy DTB containing minimal nodes just for the purpose of storing the key contents for Verified Boot?


Kind regards,

BDG


________________________________

 [cid:image28dcb9.JPG at 434a8dea.4eb6ff24] <http://www.ncipher.com>
Bradley Gamble
Software Engineer
Tel: +44 1293 580000


nCipher Security
Manor Royal
Crawley RH10 9HA
United Kingdom

www.ncipher.com<http://www.ncipher.com>

[cid:imagec22e21.JPG at 371fb8cf.429ceea3]<https://www.ncipher.com/2020/global-encryption-trends-study?utm_source=email-signature&utm_medium=email&utm_campaign=2020_04-GETS-Internal>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: image28dcb9.JPG
Type: image/jpeg
Size: 26793 bytes
Desc: image28dcb9.JPG
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20200415/20b63db3/attachment-0002.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: imagec22e21.JPG
Type: image/jpeg
Size: 23049 bytes
Desc: imagec22e21.JPG
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20200415/20b63db3/attachment-0003.jpe>


More information about the U-Boot mailing list