Hello everyone,

the concept widely known as Secure Boot is called "Verified Boot" in
U-Boot and it does the same as you would expect: load a signed kernel
image (configuration), verify the signature, abort if verification
fails.  (Other steps of the verification chain are not covered by this
series.)

Some foundational work like support for U-Boot loading FIT images was
merged last year already.  I had the remaining parts lying around
working, but some necessary patches were not in mainline U-Boot back
then.  With u-boot-tools 2024.10 or later it's finally possible to
upstream this.

See commit messages for details.  Let me know if Kconfig help is
sufficient or if the documentation should be extended.

Greets
Alex

Alexander Dahl (2):
  u-boot-tools: Version bump 2020.07 -> 2025.04
  u-boot: Add option to load signed kernel FIT images

 platforms/u-boot.in                | 30 +++++++++++++++++++++++++++---
 rules/host-u-boot-tools.in         |  1 +
 rules/u-boot-tools.make            |  6 +++---
 rules/u-boot.make                  | 13 +++++++++++++
 scripts/lib/ptxd_make_fit_image.sh |  7 -------
 5 files changed, 44 insertions(+), 13 deletions(-)

-- 
2.39.5


Reply via email to