From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marek Vasut Date: Wed, 12 Feb 2014 11:46:43 +0100 Subject: [U-Boot] [PATCH 2/7] fdt: add "fdt sign" command In-Reply-To: <52F86E6D.6040705@denx.de> References: <1390632269-8971-1-git-send-email-hs@denx.de> <201402081510.00074.marex@denx.de> <52F86E6D.6040705@denx.de> Message-ID: <201402121146.43099.marex@denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Monday, February 10, 2014 at 07:15:09 AM, Heiko Schocher wrote: > Hello Marek, > > Am 08.02.2014 15:09, schrieb Marek Vasut: > > On Saturday, January 25, 2014 at 07:44:24 AM, Heiko Schocher wrote: > >> check if a fdt is correct signed > >> pass an optional addr value. Contains the addr of the key blob > >> > >> Signed-off-by: Heiko Schocher > >> Cc: Simon Glass > > > > Should the FIT signature checking really be part of the 'fdt' command ? > > Shouldn't 'bootm' check the signature (well, 'bootm prep' or such does) > > or somesuch command ? > > Why not? I use this "fdt check" command for example in a script, for > checking if the FIT image is correct signed, and if so, update with > the binaries in it some UBI Volumes (not only kernel, dt and/or > rootfs) ... but if this is not accepted, I can look into the bootm > command if I can use it ... but I do not want boot the FIT image ... But doesn't 'bootm prep' (aka. prepare the image for booting, but do not actually boot) do the same thing ? It does verify the image etc., right ? Best regards, Marek Vasut