Hi Neha, Nagabhushan,
On 2/27/2026 4:00 PM, Francis, Neha wrote:
Hi Nagabhushan
+ Manorit do correct me if I'm wrong
On 2/27/2026 5:14 AM, Simon Glass wrote:
+Neha Malcom Francis
Hi,
On Wed, 25 Feb 2026 at 01:54, Nagabhushan D <[email protected]> wrote:
Hi Team,
I am a recent graduate working in Embedded stream. Currently exploring secure
booting on TI boards. I went through some of the writings on github -
https://github.com/ARM-software/u-boot/blob/master/doc/uImage.FIT/signature.txt
and other sources by TI. I would like to get few confusions cleared by this
mail and thanks for take some time for this.
I'm linking a couple of links [0] and [1] that should clear up everything if you
haven't stumbled upon them already.
1. Can I try out only fitImage verification with hs fs boards only?
Neha may know about that one.
No, both GP/HS can enforce fitImage auth (check FIT_SIGNATURE_ENFORCE)
FIT_SIGNATURE_ENFORCE is something that wasn't upstreamed.. it's
something internally that we had tried to flow flush it and just left it
at an RFC stage [2]
But to answer yes, all the keys and everything is contains within U-boot
so regardless of HS/GP or whatever device, it should work fine if you
follow the guide.
2. Can I try it with ti dummy keys or any other way to know if the flow/fit
signing is correct?
There are tests which check signature verification using sandbox,
which might be the easiest way to try it out. See test_fit.py
Yes sandbox testing would work, as well as building with the TI dummy key.
Regards,
Simon
[0]
https://software-dl.ti.com/processor-sdk-linux/esd/AM62AX/latest/exports/docs/linux/Foundational_Components_Kernel_Users_Guide.html#creating-the-kernel-fitimage-for-high-security-device-gp-devices
(this is our SDK doc, just in case you need more help to follow along, more or
less the same as what the upstream docs talk about)
[1] https://docs.u-boot.org/en/latest/board/ti/k3.html#fit-signature-signing
[2]:
https://lore.kernel.org/u-boot/20240111-b4-upstream-fit-signature-enforce-v1-1-2b91be318...@ti.com/
Regards,
Manorit
