Kernel/application signing and verification


Mohammed Billoo
 

Hi,

I'm not sure if this is the appropriate mailing list to ask this
question. I am working on customizing a BSP for an Nvidia Jetson Nano
based board (using the meta-tegra layer as the basis for most of the
development). One of the requirements for the project is to get
secure-boot working, which Nvidia supports only up to u-boot (i.e. the
custom Nvidia bootloader ensures that u-boot is signed using the
public portion of the key that is burned onto the fuses).

Yet, we need to go a bit further and use u-boot to confirm that the
kernel is also signed with the same key. Likewise with all executables
on the rootfs. Does Yocto provide functionality akin to this that I
can leverage?

Thanks
--
Mohammed Billoo
