[PATCH] introduce CONFIG_DEVICE_TREE_INCLUDES
Simon Glass
sjg at chromium.org
Tue Jan 25 00:50:59 CET 2022
Hi Rasmus,
On Mon, 24 Jan 2022 at 15:15, Rasmus Villemoes
<rasmus.villemoes at prevas.dk> wrote:
>
> On 24/01/2022 18.57, Simon Glass wrote:
>
> >> And the thing about "adding the signature" - yes, indeed, _signing_ can
> >> and should be done after building. But that is not at all what this
> >> started with, this is about embedding the metadata that U-Boot (or SPL)
> >> will need for _verifying_ during the build itself - when the private key
> >> may not even be available. Again, I think that it's a fundamental design
> >> bug that generating and adding that metadata in the form needed by
> >> U-Boot can only be done as a side effect of signing some unrelated image.
> >
> > It is a side effect of signing *the same* image, i.e. the image that
> > holds the signature and the public key. There is only one image, the
> > firmware image produced by binman.
>
> Huh? Are we talking about the same thing? What you write makes no sense
> at all.
Perhaps it is a terminology thing. For me:
image: the final firmware image with everything in it
binary: a component of the image
So there is only one image.
Regards,
Simon
More information about the U-Boot
mailing list