-
The capsule signature is now part of our DTB. This is problematic when a user is allowed to change/fixup that DTB from U-Boots command line since he can overwrite the signature as well. So Instead of adding the key on the DTB, embed it in the u-boot binary it self as part of it's .rodata. This assumes that the U-Boot binary we load is authenticated by a previous boot stage loader. Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
ddf67daa