I am trying to have full secure booting on the stm32mp platform, using FIP and fitImage on a custom distribution built using Yocto with the meta-st-stm32mp layer.
For the fit image signing, all steps are well described here [st wiki ] :
i haved added those modifications directly on stm32mp13-disco.conf (just for testing)
But i have this warning :
WARNING: u-boot-stm32mp-v2021.10-stm32mp-r2-r0 do_deploy: Failure while adding public key to u-boot binary. Verified boot won't be available.
So my kernel is well loaded but the signature is not checked.
I have changed nothing else after doing my repo sync (openstlinux/ yocto [ kirkstone]).
Is something there to add on configurations in order to implement FitImage signing ?