doc/uImage.FIT/signature.txt

1 U-Boot FIT Signature Verification
6 FIT supports hashing of images so that these hashes can be checked on
24    - hash an image in the FIT
26    - store the resulting signature in the FIT
30    - read the FIT
32    - extract the signature from the FIT
33    - hash the image from the FIT
83 The following properties are required in the FIT's signature node(s) to
125 - hashed-strings: The start and size of the string region of the FIT that
152 normally verified by the FIT image booting algorithm. Valid values are
172 FIT with the same signed images, but with the configuration changed such
174 to substitute a signed image from an older FIT version into a newer FIT
177 As an example, consider this FIT:
311 verified later even if the FIT has been signed with other keys in the
325 Enabling FIT Verification
327 In addition to the options to enable FIT itself, the following CONFIGs must
333 WARNING: When relying on signed FIT images with required signature check
352 Please see doc/uImage.FIT/verified-boot.txt for more information
357 Build FIT with signed images
361 Build FIT with signed configuration
371 Build FIT with signed images
375 Build FIT with signed configuration
393 Internet. If an attacker is able to steal the key, they can sign malicious FIT
518 Use the label, in this case "Signature key" as the key-name-hint in your FIT.