A quick grep through the latest and greatest release shows this:
$ grep -r STM32MP157C-DK2 . | grep machine
./meta-st/meta-st-stm32mp/conf/machine/stm32mp1-disco.conf:#@DESCRIPTION: [EXAMPLE] STM32MP157C-DK2 board ONLY with Trusted boot and SDcard support
./meta-st/meta-st-stm32mp/conf/machine/stm32mp1-disco.conf:M4_BOARDS = "STM32MP157C-DK2"
./meta-st/meta-st-stm32mp-addons/conf/machine/examples/stm32mp1-disco-mx.conf.sample:#@DESCRIPTION: [STM32CubeMX-EXAMPLE] STM32MP157C-DK2 board ONLY with Trusted boot and SDcard support
./meta-st/meta-st-stm32mp-addons/conf/machine/examples/stm32mp1-disco-mx.conf.sample:CUBEMX_PROJECT = "mx/STM32MP157C-DK2/my-demo/DeviceTree/my-demo"
So I am wondering if/how it's possible to have a kernel/device tree/rootfs which is not signed.
My ideal setup grabs (unsigned) kernel/device tree from tftp and passes to the kernel the kernel command line to boot over nfs (unsigned as well).
If this possible at all here with an unsigned kernel/device tree/rootfs?
If so, can you please elaborate a bit how?
My understanding is, that instead of U-Boot SPL TF-A is used, which loads a signed kernel and device tree (as a matter of fact there seem to be 3 device trees).
Now, I could imagine, that without burning the proper fuses, you could still load unsigned stuff (and the errors are ignored).
Thanks,
Robert
