On Sun, Aug 16, 2020 at 11:01:09PM -0700, Thirupathaiah Annapureddy wrote: > Currently FIT image must be signed by all required conf keys. This means > Verified Boot fails if there is a signature verification failure > using any required key in U-Boot DTB. > > This patch introduces a new policy in DTB that can be set to any required > conf key. This means if verified boot passes with one of the required > keys, U-Boot will continue the OS hand off. > > There were prior attempts to address this: > https://lists.denx.de/pipermail/u-boot/2019-April/366047.html > The above patch was failing "make tests". > https://lists.denx.de/pipermail/u-boot/2020-January/396629.html > > Signed-off-by: Thirupathaiah Annapureddy <[email protected]> > Reviewed-by: Simon Glass <[email protected]>
Applied to u-boot/master, thanks! -- Tom
signature.asc
Description: PGP signature
