[PATCH] introduce CONFIG_DEVICE_TREE_INCLUDES

Rasmus Villemoes rasmus.villemoes at prevas.dk
Mon Jan 24 23:15:22 CET 2022


On 24/01/2022 18.57, Simon Glass wrote:

>> And the thing about "adding the signature" - yes, indeed, _signing_ can
>> and should be done after building. But that is not at all what this
>> started with, this is about embedding the metadata that U-Boot (or SPL)
>> will need for _verifying_ during the build itself - when the private key
>> may not even be available. Again, I think that it's a fundamental design
>> bug that generating and adding that metadata in the form needed by
>> U-Boot can only be done as a side effect of signing some unrelated image.
> 
> It is a side effect of signing *the same* image, i.e. the image that
> holds the signature and the public key. There is only one image, the
> firmware image produced by binman.

Huh? Are we talking about the same thing? What you write makes no sense
at all.

Rasmus


More information about the U-Boot mailing list