From f7982c42f7d027003915f05f61168e15a1a64921 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Iwanicki?= Date: Wed, 11 Dec 2024 14:57:53 +0100 Subject: [PATCH] post: odroid-m1-secure-boot: add more explanations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: MichaƂ Iwanicki --- .../post/2024-04-12-odroid-m1-secure-boot.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/blog/content/post/2024-04-12-odroid-m1-secure-boot.md b/blog/content/post/2024-04-12-odroid-m1-secure-boot.md index 46c5c83c..7b78ae7c 100644 --- a/blog/content/post/2024-04-12-odroid-m1-secure-boot.md +++ b/blog/content/post/2024-04-12-odroid-m1-secure-boot.md @@ -523,6 +523,7 @@ After configuration, we build by using `make`. It should build signed U-Boot wit public key embedded inside SPL. ```text +make odroid-m1-sb-rk3568_defconfig make -j$(nproc) (...) Default Configuration: 'config-1' @@ -544,6 +545,10 @@ Signature written to 'u-boot.itb', node '/configurations/config-1/signature' OFCHK .config ``` +By default, `odroid-m1-sb-rk3568_defconfig` enables signing of only +configuration. Anyone interested why can read more on +[https://github.com/u-boot/u-boot](https://github.com/u-boot/u-boot/blob/master/doc/usage/fit/signature.rst#signed-configurations). + ### Signing idbloader Signing idbloader is similar to [Signing Loader](#signing-loader) section except @@ -560,6 +565,17 @@ failed to get key = sign_algo signing idbloader ok ``` +You can verify whether `idbloader.img` is signed correctly by using + +```shell +tools/rk_sign_tool vb --idb ../u-boot/idbloader.img +********sign_tool ver 1.4******** +IDB binary is ../u-boot/idbloader.img +verifying idbloader ok +``` + +In case of unsigned file command would return `invalid idblock tag` + ### U-Boot Verification To check if SPL is signed correctly and that it correctly verifies U-Boot I have 
@@ -586,6 +602,9 @@ Trying to boot from MMC2 => ``` +Expected output should contain `sha256,rsa2048:dev+ OK` which means signature +was verified correctly (`+` sign). + ## What's next While I managed to enable Secure Boot on Odroid it would be good to more
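Review bot: In the hunk at @@ -523, the added `make odroid-m1-sb-rk3568_defconfig` sits directly under the sentence "After configuration, we build by using `make`", so the text says configuration is already done while the block starts by selecting a defconfig. Running a defconfig target regenerates `.config`, so if the preceding section has the reader change options by hand, this line would discard them; move it to the start of the configuration section or say explicitly that it is the first step. The block is also fenced as `text` with no prompt, which makes the two commands hard to tell apart from the build output that follows.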
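Review bot: In the hunk at @@ -544, the added paragraph states that only the configuration is signed but leaves the reason entirely to an external link. For a Secure Boot post the reader needs that reason on the page, so add one sentence summarising it and keep the link for details. The link text shows the bare repository URL while the target is `doc/usage/fit/signature.rst#signed-configurations` on `master`; label it with the document name and consider pinning it to a tag or commit so the anchor does not move. Wording: "enables signing of only configuration" reads better as "enables signing of the configuration only", and "Anyone interested why can read more on" needs rephrasing.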
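Review bot: In the hunk at @@ -560, the verification step does not say which key `tools/rk_sign_tool vb --idb` checks the image against; the command shown takes only the image path, so state where the tool gets the public key from, otherwise `verifying idbloader ok` does not tell the reader that the intended key was used. The failure case is given only as a trailing sentence: show the `invalid idblock tag` output in its own block, and fix the sentence itself ("In case of unsigned file command would return" is missing articles and a final period). The lead-in ending in "by using" should end with a colon, and the `shell` fence holds both the command and its output with no prompt to separate them.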
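Review bot: In the hunk at @@ -586, the added sentence explains only the `+` in `sha256,rsa2048:dev+ OK`; also say what a failed verification prints so the reader can recognise it, and explain the `dev` part of the string. "Expected output should contain" is redundant ("The output should contain" is enough), and "which means signature was verified" needs an article. Since the sentence lands after the console block that ends at the `=>` prompt, consider placing it before the block or pointing at the exact line so the reader knows what to look for.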