Hello,
We just want to boot to Arria10 with signed U-Boot and kernel. We are using yocto kirkstone (4.0.26), when we activate Secure Boot, we encountered different problems.

• With U-Boot 2021.07, U-Boot SPL complains about FIT structure, and refused to check signature the FIT signature of the U-Boot 2nd stage.
• With U-Boot 2024.04, U-Boot SPL succeed in checking U-Boot 2nd stage signature but crashed when jumping to second stage.

Does anyone succeed to use Secure Boot on Arria10 ? Could you provide us links / scripts / help ?
Thank you Christian & Baptiste.

Please found some details juste below:

Try with U-Boot 2021.07

SPL check signature => KO

So we enabled U-Boot FIT_SPL_SIGNATURE support, but the SPL of U-Boot 2021.07 complains about formatting error (wrong padding), but the U-Boot FIT image was generated with mkimage with the -E option (External binaries) and checked OK with the fit_check_sign tool.

SPL load FIT without checking signature in the SPL => OK

If we temporarily remove the signature check of the SPL (CONFIG_SPL_LOAD_FIT=y and without CONFIG_FIT_SIGNATURE ), the SPL can load the FIT without error, then jump to the U-Boot 2nd stage.

With CONFIG_FIT_SIGNATURE=y, the signature of the kernel FIT is verified by the U-Boot 2nd stage, then jump to the kernel sucessfully.

Observation:

With U-Boot 2021.07 SPL, the U-Boot FIT is loaded in the OCRAM, then the external binary U-Boot firmware is loaded to SDRAM (according load attribute), and the external binary flat FDT is load juste after the U-Boot.

Try with U-Boot 2024.04

U-Boot 2nd stage => KO

With CONFIG_FIT_SPL_SIGNATURE=y, the U-Boot FIT image is loaded directly to SDRAM, the FIT signature is correctly checking the U-Boot FIT image, the U-Boot seccond stage is loaded to SDRAM and Flat FDT is copied just after the U-Boot 2nd stage, but when SPL jump to entry address of the U-Boot 2nd stage, the console becomes silent, then watchdog is triggered after a few seconds .

U-Boot SPL 2024.04 (Jun 06 2025 - 15:04:18 +0000)
DDRCAL: Success
WDT: Started watchdog@ffd00300 with servicing every 1000ms (10s timeout)
Trying to boot from MMC1
## Loading standalone from FIT Image at 01000000 ...
External Data
Using 'conf' configuration
Could not find subimage node type 'standalone' fit_addr=1000000 cfg_noffset=652 ph_type=1
## Loading firmware from FIT Image at 01000000 ...
External Data
Using 'conf' configuration
Trying 'u-boot' firmware subimage
Description: U-Boot (32-bit)
Created: 2011-04-05 23:00:00 UTC
Type: Firmware
Compression: uncompressed
External Data
Data Start: 0x01000638
Data Size: 515560 Bytes = 503.5 KiB
Architecture: ARM
OS: U-Boot
Load Address: 0x00500000
Hash node: 'hash-1'
Hash algo: sha256
Hash value: 06b7a8bc53fe2608bc6b194646300adaf20d6ef4da95f647d25f31a47fe3fce4
Hash len: 32
External Data
Loading firmware from 0x01000638 to 0x00500000
SPL: payload image: U-Boot load addr: 0x500000 size: 515560
## Loading fdt from FIT Image at 01000000 ...
Using 'conf' configuration
Trying 'fdt' fdt subimage
Description: U-Boot DTB
Created: 2011-04-05 23:00:00 UTC
Type: Flat Device Tree
Compression: uncompressed
External Data
Data Start: 0x0107e420
Data Size: 24328 Bytes = 23.8 KiB
Architecture: ARM
Can't get 'load' property from FIT 0x01000000, node: offset 384, name fdt (FDT_ERR_NOTFOUND)
Hash node: 'hash-1'
Hash algo: sha256
Hash value: 2a447139bbea6e0349ee861229a78cfe5c4141a4d31ca5dcb09fe3f3aad392e2
Hash len: 32
External Data
Can't get 'load' property from FIT 0x01000000, node: offset 384, name fdt (FDT_ERR_NOTFOUND)
Relocating FDT from 107e420 to 57dde8
Jumping to U-Boot...
SPL malloc() used 0x1054 bytes (4 KB)
image entry point: 0x500000

I remove the signature verification by SPL (CONFIG_FIT_SIGNATURE=y and without CONFIG_FIT_SPL_SIGNATURE), but it still won't boot.

I look the Golden System Reference Design (GSRD). It uses the same U-Boot version from the same repository altera u-boot-socfpga, but the GSRD is using legacy image (type firmware), that boots correctly, but cannot be signed.