In order to maintain the chain of trust, each stage of the boot process will first authenticate each binary it loads before continuing. To extend this to the kernal and its dtbs we can package the kernal and its dtbs into another fitImage for Uboot to authenticate and extend the chain of trust all the way to the kernel.
When 'boot_fit' is set, indicating we're using the secure bootflow, look for and authenticate the kernel's fitImage. Signed-off-by: Judith Mendez <j...@ti.com> Signed-off-by: Bryan Brattlof <b...@ti.com> --- include/configs/am62ax_evm.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/include/configs/am62ax_evm.h b/include/configs/am62ax_evm.h index 0bc0b13922f0f..ce5dcd34787fa 100644 --- a/include/configs/am62ax_evm.h +++ b/include/configs/am62ax_evm.h @@ -59,9 +59,14 @@ EXTRA_ENV_AM62A7_BOARD_SETTINGS_MMC \ "bootcmd_ti_mmc=" \ "run findfdt; run envboot; run init_mmc;" \ - "run get_kern_mmc; run get_fdt_mmc;" \ - "run get_overlay_mmc;" \ - "run run_kern;\0" + "if test ${boot_fit} -eq 1; then;" \ + "run get_fit_mmc; run get_overlaystring;" \ + "run run_fit;" \ + "else;" \ + "run get_kern_mmc; run get_fdt_mmc;" \ + "run get_overlay_mmc;" \ + "run run_kern;" \ + "fi;\0" #define BOOTENV_DEV_NAME_TI_MMC(devtyeu, devtypel, instance) \ "ti_mmc " -- 2.39.0