On 25/06/2020 17.51, Thirupathaiah Annapureddy wrote:
> Currently Verified Boot fails if there is a signature verification failure
> using required key in U-boot DTB. This patch adds support for multiple
> required keys. This means if verified boot passes with one of the required
> keys, u-boot will continue the OS hand off.
> There was a prior attempt to resolve this with the following patch:
> https://lists.denx.de/pipermail/u-boot/2019-April/366047.html
> The above patch was failing "make tests".
> Signed-off-by: Thirupathaiah Annapureddy <thir...@linux.microsoft.com>

Hi Thirupathaiah

This is something I'm quite interested in - see
https://lists.denx.de/pipermail/u-boot/2020-January/396629.html . I just
never got around to follow up on it due to other tasks. As Simon points
out, the policy as to whether one or all (or some other choice) required
keys must have signed the image needs to live in the .dtb.

I'd appreciate it if you could cc me on subsequent revisions.


Reply via email to