summaryrefslogtreecommitdiff
path: root/doc/uImage.FIT/signature.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/uImage.FIT/signature.txt')
-rw-r--r--doc/uImage.FIT/signature.txt14
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index d4afd755e9..a3455889ed 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -386,6 +386,20 @@ that might be used by the target needs to be signed with 'required' keys.
This happens automatically as part of a bootm command when FITs are used.
+For Signed Configurations, the default verification behavior can be changed by
+the following optional property in /signature node in U-Boot's control FDT.
+
+- required-mode: Valid values are "any" to allow verified boot to succeed if
+the selected configuration is signed by any of the 'required' keys, and "all"
+to allow verified boot to succeed if the selected configuration is signed by
+all of the 'required' keys.
+
+This property can be added to a binary device tree using fdtput as shown in
+below examples::
+
+ fdtput -t s control.dtb /signature required-mode any
+ fdtput -t s control.dtb /signature required-mode all
+
Enabling FIT Verification
-------------------------
generated by cgit v1.2.3 (git 2.0.4) at 2024-06-28 00:06:15 +0000