[PATCH v1 0/2] sunxi: support signed images in SPL without SPL_DM
Lukas Schmid
lukas.schmid at netcube.li
Mon Aug 11 18:10:32 CEST 2025
This series adds support for signed SPL/U-Boot FIT images on Sunxi
platforms and removes the unnecessary SPL_DM dependency for RSA
verification.
Patch 1 allows FIT signature verification in SPL to work on boards
that do not enable SPL_DM by falling back to the software RSA
implementation when no hardware modular exponentiation driver is
available.
Patch 2 extends sunxi-u-boot.dtsi to add conditional nodes for
hashes and signatures, following the same approach used in the
Rockchip u-boot.dtsi. This enables secure boot flows where SPL can
verify U-Boot and associated binaries before handing over control.
Tested on a Sunxi board with CONFIG_SPL_FIT_SIGNATURE enabled and
SPL_DM disabled, verifying a signed U-Boot image successfully.
Lukas Schmid (2):
rsa: allow operation without SPL_DM by falling back to software
sunxi: u-boot.dtsi: add support for signed SPL and U-Boot images
arch/arm/dts/sunxi-u-boot.dtsi | 68 ++++++++++++++++++++++++++++++++--
boot/Kconfig | 2 +-
lib/rsa/rsa-verify.c | 4 +-
3 files changed, 67 insertions(+), 7 deletions(-)
--
2.39.5
More information about the U-Boot
mailing list