Ham22
commented
7 years ago Possibly we could generate a fake fit image that has the same key config as the fit image we intend to boot?
Open Ham22 opened 7 years ago
Ham22
commented
7 years ago Possibly we could generate a fake fit image that has the same key config as the fit image we intend to boot?
The public keys used to verify a signed fit image are stored in a special node of u-boot's device tree. However mkimage relies on knowing the fit images key config to add these correctly to uboot. This is done by reading the fit image itself making it a dependency of building uboot.
When using higher level build systems such as openwrt, buildroot, etc this can add complexities because linux would need to become a dependency of u-boot in order to get a fit image.