summaryrefslogtreecommitdiff
path: root/doc/uImage.FIT/signature.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/uImage.FIT/signature.txt')
-rw-r--r--doc/uImage.FIT/signature.txt6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 9502037705..a6ab543de4 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -328,6 +328,9 @@ be enabled:
CONFIG_FIT_SIGNATURE - enable signing and verfication in FITs
CONFIG_RSA - enable RSA algorithm for signing
+WARNING: When relying on signed FIT images with required signature check
+the legacy image format is default disabled by not defining
+CONFIG_IMAGE_FORMAT_LEGACY
Testing
-------
@@ -358,6 +361,7 @@ Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
+Signature check OK
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
@@ -371,12 +375,14 @@ Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
+Signature check OK
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
Test passed
+
Future Work
-----------
- Roll-back protection using a TPM is done using the tpm command. This can