mirror of
https://git.yoctoproject.org/meta-ti
synced 2026-01-12 01:20:20 +00:00
Revert "conf: machine: k3: disable all fit signing for uboot"
FIT signing was disabled in the past as it was interfering with multi
DTB usecase in binman, and it was thought that the binman signing being
done is equivalent to UBOOT_SIGN_ENABLE.
Though looking at the sources, UBOOT_SIGN_ENABLE is actually used to
sign the kernel FIT Image instead and the name UBOOT actually specifies
that it's used in tandom with U-boot. During the signing process, mkimage
from U-boot is used to pack the kernel FIT Image and along with that,
one DTB from U-boot is also passed to the mkimage command. The DTB that
gets passed gets the key embedded in it that is used to verify the
kernel FIT image at runtime.
Now this signed DTB is packed in U-boot by triggering a rebuild with
EXT_DTB argument in the U-boot build process. However, this failed as
there was a U-boot bug which was not looking at the packed sources
properly with the multi DTB usecase.
Now that a U-boot fix is available [0], revert that commit which
disabled the FIT signing.
This reverts commit 9656b79cb5.
[0]: https://lore.kernel.org/all/20250626-b4-upstream-fix-icssg-fit-v1-1-95eff1c853a4@ti.com/
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
This commit is contained in:
Manorit Chawdhry
committed by
Ryan Eatmon
Ryan Eatmon
parent
3e5f828f91
commit
c3d9acf613
@@ -21,6 +21,10 @@ SPL_BINARY = "tispl.bin"
|
||||
SPL_BINARYNAME = "tispl.bin"
|
||||
UBOOT_SUFFIX = "img"
|
||||
|
||||
UBOOT_SIGN_ENABLE = "1"
|
||||
UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb"
|
||||
UBOOT_SIGN_KEYNAME ?= "custMpk"
|
||||
UBOOT_SIGN_KEYDIR ?= "${TI_SECURE_DEV_PKG}/keys"
|
||||
FIT_HASH_ALG ?= "sha512"
|
||||
FIT_SIGN_ALG ?= "rsa4096"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user