Skip to content
Snippets Groups Projects
Commit 182eeefc authored by Thirupathaiah Annapureddy's avatar Thirupathaiah Annapureddy Committed by Tom Rini
Browse files

vboot: add DTB policy for supporting multiple required conf keys 

Currently FIT image must be signed by all required conf keys. This means
Verified Boot fails if there is a signature verification failure
using any required key in U-Boot DTB.

This patch introduces a new policy in DTB that can be set to any required
conf key. This means if verified boot passes with one of the required
keys, U-Boot will continue the OS hand off.

There were prior attempts to address this:
https://lists.denx.de/pipermail/u-boot/2019-April/366047.html
The above patch was failing "make tests".
https://lists.denx.de/pipermail/u-boot/2020-January/396629.html



Signed-off-by: default avatarThirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass's avatarSimon Glass <sjg@chromium.org>
parent 9885313b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 29 additions and 3 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Imprint & Privacy Policy