[PATCH v3 1/3] vboot: add DTB policy for supporting multiple required conf keys

Tom Rini trini at konsulko.com
Tue Oct 13 16:06:37 CEST 2020


On Sun, Aug 16, 2020 at 11:01:09PM -0700, Thirupathaiah Annapureddy wrote:

> Currently FIT image must be signed by all required conf keys. This means
> Verified Boot fails if there is a signature verification failure
> using any required key in U-Boot DTB.
> 
> This patch introduces a new policy in DTB that can be set to any required
> conf key. This means if verified boot passes with one of the required
> keys, U-Boot will continue the OS hand off.
> 
> There were prior attempts to address this:
> https://lists.denx.de/pipermail/u-boot/2019-April/366047.html
> The above patch was failing "make tests".
> https://lists.denx.de/pipermail/u-boot/2020-January/396629.html
> 
> Signed-off-by: Thirupathaiah Annapureddy <thiruan at linux.microsoft.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20201013/108467f7/attachment.sig>


More information about the U-Boot mailing list