Added [in-progress] Developer Guides
[AGL/documentation.git] / docs / 2_Architecture_Guides / 2.2_Security_Blueprint / 2_Secure_Boot / 1.2.2.1_Image.md
---
title: Image
---

# Image

## Image selection

The boot process shall be uninterruptible and shall irrevocably boot the image
as specified in the boot environment.

In U-Boot set the "_bootdelay_" environment variable and/or define
`CONFIG_BOOTDELAY` to _-2_.

<!-- section-config -->

Domain                 | _Variable_ / `Config` name | `Value`
---------------------- | -------------------------- | -------
Boot-Image-Selection-1 | `CONFIG_BOOTDELAY`         | `-2`
Boot-Image-Selection-2 | _bootdelay_                | `-2`

<!-- end-section-config -->

--------------------------------------------------------------------------------

## Image authenticity

It shall not be possible to boot from an unverified image. The secure boot
feature in U-Boot shall be enabled. The secure boot feature is available from
U-Boot version 2013.07. To enable the secure boot feature, enable the following
features:

```
CONFIG_FIT: Enables support for Flat Image Tree (FIT) uImage format.
CONFIG_FIT_SIGNATURE: Enables signature verification of FIT images.
CONFIG_RSA: Enables RSA algorithm used for FIT image verification.
CONFIG_OF_CONTROL: Enables Flattened Device Tree (FDT) configuration.
CONFIG_OF_SEPARATE: Enables separate build of U-Boot from the device tree.
CONFIG_DEFAULT_DEVICE_TREE: Specifies the default Device Tree used for the run-time configuration of U-Boot.
```

Generate the U-Boot image with public keys to validate and load the image. It
shall use RSA2048 and SHA256 for authentication.

<!-- section-config -->

Domain                    | `Config` name                | _State_
------------------------- | ---------------------------- | --------
Boot-Image-Authenticity-1 | `CONFIG_FIT`                 | _Enable_
Boot-Image-Authenticity-2 | `CONFIG_FIT_SIGNATURE`       | _Enable_
Boot-Image-Authenticity-3 | `CONFIG_RSA`                 | _Enable_
Boot-Image-Authenticity-4 | `CONFIG_OF_CONTROL`          | _Enable_
Boot-Image-Authenticity-5 | `CONFIG_OF_SEPARATE`         | _Enable_
Boot-Image-Authenticity-6 | `CONFIG_DEFAULT_DEVICE_TREE` | _Enable_

<!-- end-section-config -->
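The following is an added example, not part of the AGL documentation: a build-time check that audits a U-Boot configuration against the `Config` rows of both tables above and reports failures by domain id. It assumes a Kconfig-style `.config` file; the function names and the sample input are hypothetical, and the _bootdelay_ environment variable (Boot-Image-Selection-2) is stored in the U-Boot environment, so it is not covered here.

```python
import re

# Requirements from the two tables on this page: domain id -> (option, expected).
# None means "set and non-empty" (assumption: how "Enable" applies to a string option).
REQUIRED = {
    "Boot-Image-Selection-1": ("CONFIG_BOOTDELAY", "-2"),
    "Boot-Image-Authenticity-1": ("CONFIG_FIT", "y"),
    "Boot-Image-Authenticity-2": ("CONFIG_FIT_SIGNATURE", "y"),
    "Boot-Image-Authenticity-3": ("CONFIG_RSA", "y"),
    "Boot-Image-Authenticity-4": ("CONFIG_OF_CONTROL", "y"),
    "Boot-Image-Authenticity-5": ("CONFIG_OF_SEPARATE", "y"),
    "Boot-Image-Authenticity-6": ("CONFIG_DEFAULT_DEVICE_TREE", None),
}

def parse_config(text):
    """Parse .config text into {option: value}; '# CONFIG_X is not set' lines are skipped."""
    options = {}
    for line in text.splitlines():
        m = re.match(r"(CONFIG_\w+)=(.*)$", line.strip())
        if m:
            options[m.group(1)] = m.group(2).strip().strip('"')
    return options

def audit(text):
    """Return {domain id: reason} for every requirement the config fails."""
    options = parse_config(text)
    failures = {}
    for domain, (name, expected) in REQUIRED.items():
        value = options.get(name)
        if value is None:
            failures[domain] = f"{name} is not set"
        elif expected is None and value == "":
            failures[domain] = f"{name} is empty"
        elif expected is not None and value != expected:
            failures[domain] = f"{name}={value}, expected {expected}"
    return failures

# Constructed sample .config fragment (not from a real board).
SAMPLE = """\
CONFIG_BOOTDELAY=2
CONFIG_FIT=y
# CONFIG_FIT_SIGNATURE is not set
CONFIG_RSA=y
CONFIG_OF_CONTROL=y
CONFIG_OF_SEPARATE=y
CONFIG_DEFAULT_DEVICE_TREE=""
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result means every `Config` row is satisfied; wiring `audit()` into the image build lets a non-compliant bootloader configuration fail before an image is produced.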