Re: [PATCH] Provide more details of exactly how configuration signatures are calculated

2022-07-20 Thread Simon Glass
Hi Martin,

On Wed, 20 Jul 2022 at 02:46, Martin Bonner wrote:
>
> OK. I've just realized there is an important warning missing from
> this (if you verify a configuration signature outside u-boot, you
> _must_ verify the hashes for the kernel, fdt, and ramdisk images match
> too). What is the pr

Re: [PATCH] Provide more details of exactly how configuration signatures are calculated

2022-07-20 Thread Martin Bonner
OK. I've just realized there is an important warning missing from this (if you verify a configuration signature outside u-boot, you _must_ verify the hashes for the kernel, fdt, and ramdisk images match too). What is the protocol for handling that? Submit a new patch with title "[Patch v2] ..."?

Re: [PATCH] Provide more details of exactly how configuration signatures are calculated

2022-07-20 Thread Martin Bonner
There are a couple of uncertainties still remaining:

- The "hashed-nodes" property is created by mkimage in image order. What happens if somebody manipulates a signed image to change the order? Does it make any difference? Do u-boot and fit_check_sign handle it in the same way? (My preference wo

[PATCH] Provide more details of exactly how configuration signatures are calculated

2022-07-20 Thread Martin Bonner
I have just spent a week reverse-engineering this, so I thought I'd contribute the work back to the community diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt index 61a72db3c7..61cdd55e40 100644 --- a/doc/uImage.FIT/signature.txt +++ b/doc/uImage.FIT/signature.txt @@ -382,6