Hi Thirupathaiah,
On Mon, 29 Jun 2020 at 11:26, Simon Glass <[email protected]> wrote: > > Hi Thirupathaiah, > > On Thu, 25 Jun 2020 at 09:51, Thirupathaiah Annapureddy > <[email protected]> wrote: > > > > Currently Verified Boot fails if there is a signature verification failure > > using required key in U-boot DTB. This patch adds support for multiple > > required keys. This means if verified boot passes with one of the required > > keys, u-boot will continue the OS hand off. > > > > There was a prior attempt to resolve this with the following patch: > > https://lists.denx.de/pipermail/u-boot/2019-April/366047.html > > The above patch was failing "make tests". > > > > Signed-off-by: Thirupathaiah Annapureddy <[email protected]> > > --- > > common/image-fit-sig.c | 12 +++++++++++- > > 1 file changed, 11 insertions(+), 1 deletion(-) One more thing...this patch is changing the policy. I think we need a new string property in the DTB alongside the 'required' properly, that indicates whether the image must be signed with all required keys, or just one. Regards, Simon
