diff options
| author | Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> | 2020-08-16 23:01:09 -0700 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2020-10-12 21:30:37 -0400 |
| commit | 182eeefcb439282dfe3320f4a12ab752f313f6fe (patch) | |
| tree | c8f1d0063338046c9a4f3a396f4913ddb03739d9 /common/image-cipher.c | |
| parent | 9885313b9add6c04cf3059958c5ee51a4f0ac930 (diff) | |
vboot: add DTB policy for supporting multiple required conf keys
Currently FIT image must be signed by all required conf keys. This means
Verified Boot fails if there is a signature verification failure
using any required key in U-Boot DTB.
This patch introduces a new policy in DTB that can be set to any required
conf key. This means if verified boot passes with one of the required
keys, U-Boot will continue the OS hand off.
There were prior attempts to address this:
https://lists.denx.de/pipermail/u-boot/2019-April/366047.html
The above patch was failing "make tests".
https://lists.denx.de/pipermail/u-boot/2020-January/396629.html
Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'common/image-cipher.c')
0 files changed, 0 insertions, 0 deletions