Hi Nagabhushan + Manorit do correct me if I'm wrong
On 2/27/2026 5:14 AM, Simon Glass wrote: > +Neha Malcom Francis > > Hi, > > On Wed, 25 Feb 2026 at 01:54, Nagabhushan D <[email protected]> wrote: >> >> Hi Team, >> I am a recent graduate working in Embedded stream. Currently exploring >> secure booting on TI boards. I went through some of the writings on github - >> https://github.com/ARM-software/u-boot/blob/master/doc/uImage.FIT/signature.txt >> and other sources by TI. I would like to get few confusions cleared by this >> mail and thanks for take some time for this. I'm linking a couple of links [0] and [1] that should clear up everything if you haven't stumbled upon them already. >> >> 1. Can I try out only fitImage verification with hs fs boards only? > > Neha may know about that one. No, both GP/HS can enforce fitImage auth (check FIT_SIGNATURE_ENFORCE) > >> 2. Can I try it with ti dummy keys or any other way to know if the flow/fit >> signing is correct? > > There are tests which check signature verification using sandbox, > which might be the easiest way to try it out. See test_fit.py Yes sandbox testing would work, as well as building with the TI dummy key. > > Regards, > Simon [0] https://software-dl.ti.com/processor-sdk-linux/esd/AM62AX/latest/exports/docs/linux/Foundational_Components_Kernel_Users_Guide.html#creating-the-kernel-fitimage-for-high-security-device-gp-devices (this is our SDK doc, just in case you need more help to follow along, more or less the same as what the upstream docs talk about) [1] https://docs.u-boot.org/en/latest/board/ti/k3.html#fit-signature-signing -- Thanking You Neha Malcom Francis
