041bca5ba3
Add a description of how to implement verified boot using signed FIT images, and a simple test which verifies operation on sandbox. The test signs a FIT image and verifies it, then signs a FIT configuration and verifies it. Then it corrupts the signature to check that this is detected. Signed-off-by: Simon Glass <sjg@chromium.org>
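/dts-v1/;

/*
 * FIT image source with a signed configuration.
 *
 * Layout: one kernel image and one FDT image, each carrying a hash node,
 * plus a single configuration that references both and carries the
 * signature node. The stray "|" gutter lines from the rendered listing
 * have been dropped so the text parses as device tree source again.
 *
 * NOTE(review): this reads as a test fixture ("sandbox" arch, "dev" key
 * hint, SHA-1). SHA-1 is no longer collision resistant; an image meant
 * for deployment would normally pick a stronger hash for both the hash
 * nodes and the signature algo - confirm what the verifier supports.
 */
/ {
	description = "Chrome OS kernel image with one or more FDT blobs";
	#address-cells = <1>;

	images {
		kernel@1 {
			/* Payload is pulled in from a separate file when this source is compiled. */
			data = /incbin/("test-kernel.bin");
			type = "kernel_noload";
			arch = "sandbox";
			os = "linux";
			compression = "none";
			load = <0x4>;
			entry = <0x8>;
			kernel-version = <1>;
			/*
			 * Only the algorithm is given here; no digest value appears in
			 * this source - presumably the image tool fills it in (confirm).
			 * A hash node on its own is an integrity check, not an
			 * authenticity check: nothing in this node is signed.
			 */
			hash@1 {
				algo = "sha1";
			};
		};
		fdt@1 {
			description = "snow";
			data = /incbin/("sandbox-kernel.dtb");
			type = "flat_dt";
			arch = "sandbox";
			compression = "none";
			fdt-version = <1>;
			/* Same scheme as the kernel: algorithm only, unsigned hash node. */
			hash@1 {
				algo = "sha1";
			};
		};
	};

	configurations {
		default = "conf@1";
		conf@1 {
			kernel = "kernel@1";
			fdt = "fdt@1";
			/*
			 * The signature sits on the configuration, not on the
			 * individual images. sign-images names the image roles
			 * ("fdt", "kernel") the signature is meant to cover, so the
			 * kernel/FDT pairing chosen above is what gets authenticated.
			 * NOTE(review): the intent is presumably to stop images from
			 * different signed sets being mixed - confirm against the
			 * verified-boot description added by the same commit.
			 */
			signature@1 {
				algo = "sha1,rsa2048";
				/*
				 * A hint for locating the signing key ("dev"); it is
				 * attacker-editable text inside the image, so trust has
				 * to come from the keys the verifier already holds, not
				 * from this name.
				 */
				key-name-hint = "dev";
				sign-images = "fdt", "kernel";
			};
		};
	};
};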