On 2/25/25 4:49 PM, Jose Quaresma wrote:
From: Marek Vasut <[email protected]>OE FIT_SIGN_INDIVIDUAL is implemented in an unusual manner, where the resulting signed fitImage contains both signed images and signed configurations, possibly using different keys. This kind of signing of images is redundant, but so is the behavior of FIT_SIGN_INDIVIDUAL="1" and that is here to stay. Adjust the process of public key insertion into u-boot.dtb such that if FIT_SIGN_INDIVIDUAL==1, the image signing key is inserted into u-boot.dtb first, and in any case the configuration signing key is inserted into u-boot.dtb last. The verification of the keys inserted into u-boot.dtb against unused.itb is performed only for FIT_SIGN_INDIVIDUAL!=1 due to mkimage limitation, which does not allow mkimage -f auto-conf to update the generated unused.itb, and instead rewrites it. Fixes: 259bfa86f384 ("u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled") Signed-off-by: Marek Vasut <[email protected]> Signed-off-by: Mathieu Dubois-Briand <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 0106e5efab99c8016836a2ab71e2327ce58a9a9d) Signed-off-by: Jose Quaresma <[email protected]>
Shouldn't Steve Sakoman be on CC ? (now added on To)
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#211916): https://lists.openembedded.org/g/openembedded-core/message/211916 Mute This Topic: https://lists.openembedded.org/mt/111379124/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
