[meta-freescale] U-Boot Verified Boot?
Mark Farver
mfarver at mindbent.org
Tue Oct 11 06:05:44 PDT 2016
Has anyone done any work or thinking about bringing the uboot-sign
class into fsl?
I've been playing with it, but the process used for generating the
u-boot image doesn't generate the right artifacts. The class wants to
concatenate the public key DTB onto the end of a u-boot image with no
DTB. It seems like the process we're using now doesn't generate
either of those files.
cat ${UBOOT_NODTB_IMAGE} ${UBOOT_DTB_IMAGE} | tee ${B}/${UBOOT_BINARY}
> ${UBOOT_IMAGE}
I haven't spent much time on it, and I am likely missing something
obvious but I wanted to check before looking deeper into it. At the
moment I have a custom board with a SPI-NOR that can be write
protected. I'd have a u-boot image in the SPI NOR that searches the
eMMC and SD looking for valid kernels/disk images, I'd like to be able
to verify signatures on those before loading them. It seems like this
is less complicated than trying to figure out Secure Boot on the iMX6.
Thank you
Mark Farver
More information about the meta-freescale
mailing list