On Fri, Dec 23, 2022 at 07:15:25PM -0600, Bryan Brattlof wrote: > In order to maintain the chain of trust, each stage of the boot process > will first authenticate each binary it loads before continuing. To > extend this to the kernal and its dtbs we can package the kernal and > its dtbs into another fitImage for Uboot to authenticate and extend the > chain of trust all the way to the kernel. > > When 'boot_fit' is set, indicating we're using the secure bootflow, look > for and authenticate the kernel's fitImage. > > Signed-off-by: Judith Mendez <[email protected]> > Signed-off-by: Bryan Brattlof <[email protected]>
Applied to u-boot/master, thanks! -- Tom
signature.asc
Description: PGP signature
