引导加载程序有两个 HAB 签名区域,SPL Image 和 FIT Image。
Q1:我认为在bootloader启动的时候,SPL Image和FIT Image的HAB签名验证一定是成功的。它是否正确? (在 Secureboot 关闭时)
Q2.SPL Image的HAB签名验证在哪里进行? (引导?)
Q3. FIT Image的HAB签名验证是在哪里进行的? (u-boot-spl?)
Q4.在UUU中使用SerialDownloader启动bootloader是否也一样?
BR。上田
+-----------------------------+
| |
| *Signed HDMI/DP FW |
| |
+-----------------------------+
| Padding |
------- +-----------------------------+ --------
^ | IVT - SPL | ^
Signed | +-----------------------------+ |
Data | | u-boot-spl.bin | |
| | + | | SPL
v | DDR FW | | Image
------- +-----------------------------+ |
| CSF - SPL + DDR FW | v
+-----------------------------+ --------
| Padding |
------- +-----------------------------+ --------
Signed ^ | FDT - FIT | ^
Data | +-----------------------------+ |
v | IVT - FIT | |
------- +-----------------------------+ |
| CSF - FIT | |
------- +-----------------------------+ | FIT
^ | u-boot-nodtb.bin | | Image
| +-----------------------------+ |
Signed | | OP-TEE (Op
tional) | |
Data | +-----------------------------+ |
| | bl31.bin (ATF) | |
| +-----------------------------+ |
v | u-boot.dtb | v
------- +-----------------------------+ --------
