Secure Boot Authentication: How to authenticate Kernel and root file system
This is related to Secure Boot in Xilinx Ultrascale in embedded Linux Enivironment. At power-up, assuming we using RSA authentication only, CSU authenticate FSBL and U-Boot. Is there a procedure or ( Xilix APIs from U-boot ) to authenticate other images like Kernel, Root File System and device tree.
1- Secure Boot authenticate FSBL and U-Boot , How U-Boot is authenticating the Kernel ? The documents says that it is up to user to authenticate the rest after U-Boot.
2- Let assume in Bootgen ( BIF FILE) we add the kernel and we select rsa authentication. since the kernel will be in Boot.bin, does it mean that it will be authenticated as well. What happen if it fails authentication.
Is there a documented or recommended procedures for authenticating the rest of images based on HW Root of Trust ?