On Fri, 17 Apr 2026 10:30:47 +0200, Yan WANG wrote:
> This series improves the reliability and efficiency of binman preload
> header generation and tests it against an encrypted FIT image signed with
> a preload header.
>
> When a preload header references other entries (e.g. an encrypted FIT)
> through the collection etype, the referenced entries may be rebuilt
> multiple times during binman processing. This becomes problematic when
> the referenced entry produces non-deterministic output, such as FIT
> encryption using random IVs or timestamps, since rebuilding the entry
> changes the data.
>
> [...]

Applied to u-boot/master, thanks!

[1/3] binman: Generate preload header and sign data only once
      commit: 5006121b44a2d147e7e426c74537b3566407e853
[2/3] binman: collection: Set build_done on referenced entries
      commit: 9ff82a771c44a8cf38bd52b556f685ddbc6f1a55
[3/3] tools: binman: Test signing an encrypted FIT with a preload header
      commit: b20d69e5f57bee299380bb30112856e51d8f26b0

--
Tom
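
The failure mode described in the quoted cover letter, as an added toy model that is not part of the thread and is not binman code: a header digest is taken over one build of a non-deterministic entry while the image ships a later rebuild. The class and function names are hypothetical, a SHAKE-256 keystream with a random IV stands in for FIT encryption, and a SHA-256 digest stands in for the preload header signature; only the `build_done` name comes from the series.

```python
import hashlib
import hmac
import os


class EncryptedEntry:
    """Hypothetical entry whose output differs on every build (random IV)."""

    def __init__(self, plaintext, key):
        self.plaintext = plaintext
        self.key = key
        self.build_done = False
        self.data = None
        self.builds = 0

    def build(self, honor_build_done):
        # With the flag honored, a finished entry is reused instead of rebuilt.
        if honor_build_done and self.build_done:
            return self.data
        iv = os.urandom(16)  # fresh IV per build makes the output non-deterministic
        stream = hashlib.shake_256(self.key + iv).digest(len(self.plaintext))
        self.data = iv + bytes(p ^ s for p, s in zip(self.plaintext, stream))
        self.build_done = True
        self.builds += 1
        return self.data


def make_image(honor_build_done):
    """Return (digest stored in header, payload placed in image, build count)."""
    entry = EncryptedEntry(b"constructed FIT payload", b"k" * 16)  # constructed sample
    # Pass 1: the header reads the referenced entry and digests it.
    signed_digest = hashlib.sha256(entry.build(honor_build_done)).digest()
    # Pass 2: later processing requests the same entry again for the final image.
    payload = entry.build(honor_build_done)
    return signed_digest, payload, entry.builds


def verify(signed_digest, payload):
    """Boot-time check: does the shipped payload match what the header covers?"""
    return hmac.compare_digest(signed_digest, hashlib.sha256(payload).digest())


if __name__ == "__main__":
    for honor in (False, True):
        digest, payload, builds = make_image(honor)
        print(f"honor_build_done={honor} builds={builds} verifies={verify(digest, payload)}")
```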