Hope you are doing well and everything is going good at your end. I am using Raspi 4B and Compute Model 4 and trying to configure U-boot with Verified boot support, *but while booting the signing of the configuration is not being checked*. I am using the latest master branch from GitHub. <https://github.com/u-boot/u-boot>
We have checked the signature verification via the *"fit_check_sign" *utility that comes with u-boot and it does verify the configuration of the signature so, I am sure that the image is signed properly and the Control FDT is good as well. [image: fit_check_sign.png] but while booting, it doesn't check the signature of the configuration. It should be showing "*Verifying Hash Integrity ... sha1,rsa2048:dev+ OK*" [image: image.png] *I believe that maybe I am not adding Control FDT in the U-boot binary properly.* Following is the command that I am using to add control FDT to U-boot. $ make EXT_DTB=bcm2711-rpi-4-b-pubkey.dtb -j8 I have also tried $ make DEV_TREE_BIN=bcm2711-rpi-4-b-pubkey.dtb -j8 The bytes size of the u-boot.bin and u-boot-nodtb.bin after using both the above commands is the same. Attached is the FIT source file, rpi_4_defconfig and the control FDT file. Also, the following has been added in configs/rpi_4_defconfig. CONFIG_OF_CONTROL=y CONFIG_FIT=y CONFIG_FIT_SIGNATURE=y CONFIG_RSA=y *Can you please help me with how to add Control FDT to the U-boot.bin binary or what can be the reason that it isn't checking the signature of the configuration while booting? Any kind of help would be really appreciated.*
rpi_4_defconfig
Description: Binary data
image.its
Description: Binary data
bcm2711-rpi-4-b-pubkey.dtb
Description: Binary data
