mirror of
https://github.com/Fishwaldo/u-boot.git
synced 2025-03-18 13:11:31 +00:00
doc: verified-boot: add required-mode information
Add documentation about 'required-mode' property in /signature node in U-Boot's control FDT. Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
parent
feaeee8b5f
commit
6a0498a5fd
1 changed files with 14 additions and 0 deletions
|
@ -386,6 +386,20 @@ that might be used by the target needs to be signed with 'required' keys.
|
|||
|
||||
This happens automatically as part of a bootm command when FITs are used.
|
||||
|
||||
For Signed Configurations, the default verification behavior can be changed by
|
||||
the following optional property in /signature node in U-Boot's control FDT.
|
||||
|
||||
- required-mode: Valid values are "any" to allow verified boot to succeed if
|
||||
the selected configuration is signed by any of the 'required' keys, and "all"
|
||||
to allow verified boot to succeed if the selected configuration is signed by
|
||||
all of the 'required' keys.
|
||||
|
||||
This property can be added to a binary device tree using fdtput as shown in
|
||||
below examples::
|
||||
|
||||
fdtput -t s control.dtb /signature required-mode any
|
||||
fdtput -t s control.dtb /signature required-mode all
|
||||
|
||||
|
||||
Enabling FIT Verification
|
||||
-------------------------
|
||||
|
|
Loading…
Add table
Reference in a new issue