[U-Boot] [PATCH v2 1/4] Introduce CONFIG_SPL_ABORT_ON_NON_FIT_IMAGE

Simon Glass sjg at chromium.org
Tue Nov 15 01:33:49 CET 2016 

Hi Andrew,

On 14 November 2016 at 15:05, Andrew F. Davis <afd at ti.com> wrote:
> On 11/14/2016 02:44 PM, Simon Glass wrote:
>> Hi Andrew,
>>
>> On 14 November 2016 at 12:14, Andrew F. Davis <afd at ti.com> wrote:
>>> Introduce CONFIG_SPL_ABORT_ON_NON_FIT_IMAGE. An SPL which define
>>> this will abort image loading if the image is not a FIT image.
>>>
>>> Signed-off-by: Andrew F. Davis <afd at ti.com>
>>> ---
>>>  Kconfig          | 9 +++++++++
>>>  common/spl/spl.c | 5 +++++
>>>  2 files changed, 14 insertions(+)
>>>
>>> diff --git a/Kconfig b/Kconfig
>>> index 1263d0b..eefebef 100644
>>> --- a/Kconfig
>>> +++ b/Kconfig
>>> @@ -291,6 +291,15 @@ config FIT_IMAGE_POST_PROCESS
>>>           injected into the FIT creation (i.e. the blobs would have been pre-
>>>           processed before being added to the FIT image).
>>>
>>> +config SPL_ABORT_ON_NON_FIT_IMAGE
>>
>> We already have CONFIG_IMAGE_FORMAT_LEGACY so how about
>> CONFIG_SPL_IMAGE_FORMAT_LEGACY instead? It can default to y if secure
>> boot is disabled.
>>
>
> We also already have CONFIG_SPL_ABORT_ON_RAW_IMAGE on which this is
> based. If we only disable legacy image support then RAW images should
> still be allowed, but we will fail early anyway, we will start to need
> an unmaintainable amount of pre-processor logic to to handle the
> different image types and what is allowed/not allowed.
>
> Even worse some boot modes don't seem to support FIT images (net,
> onenand) so these will alway expect legacy to work. Right now we simply
> have to disable these modes.

IMO CONFIG_SPL_ABORT_ON_RAW_IMAGE should become a positive option, to
fit in with the legacy format. Otherwise we'll get very confused I
think.

>
>>> +       bool "Disable SPL loading of non-FIT images"
>>> +       default y if SPL_FIT_SIGNATURE
>>> +       help
>>> +         SPL will not load and image if it is not a FIT image. This is
>>> +         useful for devices that only support authentication/encryption
>>> +         through SPL FIT loading paths and do not want SPL falling back
>>> +         to legacy image loading when a non-FIT image is present.
>>> +
>>>  config SPL_DFU_SUPPORT
>>>         bool "Enable SPL with DFU to load binaries to memory device"
>>>         depends on USB
>>> diff --git a/common/spl/spl.c b/common/spl/spl.c
>>> index bdb165a..3d8bee9 100644
>>> --- a/common/spl/spl.c
>>> +++ b/common/spl/spl.c
>>> @@ -93,6 +93,10 @@ void spl_set_header_raw_uboot(struct spl_image_info *spl_image)
>>>  int spl_parse_image_header(struct spl_image_info *spl_image,
>>>                            const struct image_header *header)
>>>  {
>>> +#ifdef CONFIG_SPL_ABORT_ON_NON_FIT_IMAGE
>>> +       /* non-FIT image found, proceed to other boot methods. */
>>> +       return -EINVAL;
>>
>> How about -EPROTONOSUPPORT since the request is not really invalid.
>>
>>> +#else
>>>         u32 header_size = sizeof(struct image_header);
>>>
>>>         if (image_get_magic(header) == IH_MAGIC) {
>>> @@ -156,6 +160,7 @@ int spl_parse_image_header(struct spl_image_info *spl_image,
>>>                 spl_set_header_raw_uboot(spl_image);
>>>  #endif
>>>         }
>>> +#endif
>>>         return 0;
>>>  }
>>>
>>> --
>>> 2.10.1
>>>

Regards,
Simon

More information about the U-Boot mailing list