I implemented an open source solution called mender.io which provides OTA (over-the-air) software update to the iMX6UL board. I'm using Yocto's sumo distribution. Currently, a u-boot system is running on our board:
Firstly Poky's u-boot is basically working. On top of that, the ones from Variscite's u-boot.bbappend file are run, and the last ones are added from Mender's u-boot.bbappend file.
I want to run this structure using HAB (High Assurance Boot). So I want to sign only u-boot, SPL and kernel to run signed software. However, since we don't have a single u-boot, it doesn't seem possible or I don't understand. Can anyone help with this?