Fit Signature booting without public key
Manorit Chawdhry
m-chawdhry at ti.com
Tue May 16 08:41:24 CEST 2023
Hi All,
I recently came upon a discussion that had happened a while back [0].
I want to continue the discussion as I believe the issue still persists
and the checks around fit signature booting are still the same, that
allows booting the fit without changing the uboot dtb.
Allowing the signed fit image without this seems to be a bypass that is
available and should not be allowed without any gate to it for people
who'd like to enforce these signing checks. Let me know if there is a
config already available for it and if not, are there any plans to
enable such a config in future. Would like to hear your opinions on
this as I believe this should be fixed as soon as possible.
[0]: https://u-boot.denx.narkive.com/dEClg9dW/signed-fit-image-boots-without-public-key
Regards,
Manorit
More information about the U-Boot
mailing list