Hello everyone,

the concept widely known as Secure Boot is called "Verified Boot" in U-Boot and it does the same as you would expect: load a signed kernel image (configuration), verify the signature, abort if verification fails. (Other steps of the verification chain are not covered by this series.)

Some foundational work like support for U-Boot loading FIT images was merged last year already. I had the remaining parts lying around working, but some necessary patches were not in mainline U-Boot back then. With u-boot-tools 2024.10 or later it's finally possible to upstream this. See commit messages for details. Let me know if Kconfig help is sufficient or if the documentation should be extended.

Greets
Alex

Alexander Dahl (2):
  u-boot-tools: Version bump 2020.07 -> 2025.04
  u-boot: Add option to load signed kernel FIT images

 platforms/u-boot.in                | 30 +++++++++++++++++++++++++++---
 rules/host-u-boot-tools.in         |  1 +
 rules/u-boot-tools.make            |  6 +++---
 rules/u-boot.make                  | 13 +++++++++++++
 scripts/lib/ptxd_make_fit_image.sh |  7 -------
 5 files changed, 44 insertions(+), 13 deletions(-)

-- 
2.39.5
