On Tue, May 16, 2023 at 12:11:24PM +0530, Manorit Chawdhry wrote: > Hi All, > > I recently came upon a discussion that had happened a while back [0]. > I want to continue the discussion as I believe the issue still persists > and the checks around fit signature booting are still the same, that > allows booting the fit without changing the uboot dtb. > > Allowing the signed fit image without this seems to be a bypass that is > available and should not be allowed without any gate to it for people > who'd like to enforce these signing checks. Let me know if there is a > config already available for it and if not, are there any plans to > enable such a config in future. Would like to hear your opinions on > this as I believe this should be fixed as soon as possible. > > [0]: > https://u-boot.denx.narkive.com/dEClg9dW/signed-fit-image-boots-without-public-key
Yes, can you please reproduce the issue in question on the current tree, with a supported platform and provide the defconfig and steps you used for this issue? Thanks. -- Tom
signature.asc
Description: PGP signature