verified boot (vboot) with secure U-Boot env for SWUpdate

[Tim Harvey]

Greetings,

I'm looking at using SWUpdate to facilitate an A/B ping-pong method of
firmware updates where a state is stored in U-Boot env by the SWUpdate
postinst script.

I'm needing to use secure boot with U-Boot's verified boot support and
am not clear how, if at all, the U-Boot env can be authenticated.

Is there any authentication support within a flash stored U-boot
environment that is supported by fw_setenv and if not what is the
recommendation for removing environment and are there any other
suggestions for an SWUpdate postinstall script to select the OS image
to boot after an update?

Best regards,

Tim