Hello,
I am currently attempting to utilize Verified Boot to verify FIT images on my T104x-based device. I am building U-Boot with the standard options for Verified Boot (CONFIG_FIT, CONFIG_FIT_SIGNATURE, CONFIG_RSA, CONFIG_OF_CONTROL and CONFIG_OF_SEPARATE). When building U-Boot I need to supply a DTB image at build time. However, the device I am targetting may have a number of different configurations. This has been manged previously by using a single version of U-Boot and loading different FIT images containing different DTBs based on how the device will be used. Does the DTB supplied to U-Boot at build time have to be "fully-featured"? Can it be a dummy DTB containing minimal nodes just for the purpose of storing the key contents for Verified Boot? Kind regards, BDG ________________________________ [cid:[email protected]] <http://www.ncipher.com> Bradley Gamble Software Engineer Tel: +44 1293 580000 nCipher Security Manor Royal Crawley RH10 9HA United Kingdom www.ncipher.com<http://www.ncipher.com> [cid:[email protected]]<https://www.ncipher.com/2020/global-encryption-trends-study?utm_source=email-signature&utm_medium=email&utm_campaign=2020_04-GETS-Internal>
