chapter2: Clarify that hashed-nodes is only a signer hint

sjg20 · sjg20 · commit fed0a0671510 · 2026-03-16T16:52:46.000-06:00
The hashed-nodes property is not itself protected by a hash, so
a loader cannot rely on it for validation. Clarify that it serves
only as a hint for the signer.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
diff --git a/source/chapter2-source-file-format.rst b/source/chapter2-source-file-format.rst
@@ -483,7 +483,10 @@ value
 
 hashed-nodes
     A list of nodes which were :index:`hashed <pair: nodes; hashed>` by the
-    signer. Each is a string - the full path to node. A typical value might be::
+    signer. Each is a string - the full path to node. Since this property
+    is not itself protected by a hash, it serves only as a hint for the
+    signer and must not be relied upon by the loader for validation
+    purposes. A typical value might be::
 
 	hashed-nodes = "/", "/configurations/conf-1", "/images/kernel",
 	    "/images/kernel/hash-1", "/images/fdt-1",
