Some questions about the U-Boot verified boot

[Thomas Perrot]

Hello everyone,

I have a question about the verified boot, is it possible to sign both
images and configurations in the same fitimage?

I ask the question because when I try to do that then the image
signature checking always fails, when calling the source command,
without preventing the loading of the bootscr.

I would like that the loading is strictly interrupted, in case of
failure of an image signature checking or a configuration signature
checking.

Moreover, when configurations aren’t signed or with an invalid key then
an error is well raised and loading interrupted.

In addition, from the dtb, the property “required” of the signature
node is set to config.
Then it doesn’t seem possible to sign images and configurations with
the same key, even using different fitimage.
Could using two keys solve my issue?

Is there a way to make the verified boot strict, to prohibit the use of
fitimage which does not contain any signature, and ensure that either
the images or the configurations are always signed?
In my case, setting the variable verify=yes seems doesn’t work
correctly.

NB. I’m using the version 2020.04. 

Best regards,
Thomas Perrot

-- 
Thomas Perrot, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210708/46001973/attachment.sig>