[U-Boot] [PATCH 2/2] arm: mxs: Add support for generating signed BootStream

Stefano Babic sbabic at denx.de
Fri Apr 4 11:52:09 CEST 2014 

Hi Marek,

On 03/04/2014 19:12, Marek Vasut wrote:
> This patch adds the groundwork for generating signed BootStream, which
> can be used by the HAB library in i.MX28. We are adding a new target,
> u-boot-signed.sb , since the process for generating regular non-signed
> BootStream is much easier. Moreover, the signed bootstream depends on
> external _proprietary_ _binary-only_ tool from Freescale called 'cst',
> which is available only under NDA.
> 
> To make things even uglier, the CST or HAB mandates a kind-of circular
> dependency. The problem is, unlike the regular IVT, which is generated
> by mxsimage, the IVT for signed boot must be generated by hand here due
> to special demands of the CST. The U-Boot binary (or SPL binary) and IVT
> are then signed by the CST as a one block. But here is the problem. The
> size of the entire image (U-Boot, IVT, CST blocks) must be appended at
> the end of IVT. But the size of the entire image is not known until the
> CST has finished signing the U-Boot and IVT. We solve this by expecting
> the CST block to be always 3904B (which it is in case two files, U-Boot
> and the hand-made IVT, are signed in the CST block).
> 
> Signed-off-by: Marek Vasut <marex at denx.de>
> Cc: Stefano Babic <sbabic at denx.de>
> ---
>  Makefile                                       |  2 +
>  arch/arm/cpu/arm926ejs/mxs/Makefile            | 60 ++++++++++++++++++++++++++
>  arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg | 10 +++++
>  3 files changed, 72 insertions(+)
>  create mode 100644 arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
> 
> NOTE: Stefano, I had to tweak this to play well with kbuild.
> 

ok - only to track what we have already discussed via IIRC.

The patch was already accepted, but it conflicts with current
u-boot-arm. I revert it on u-boot-imx, and Marek rebased it.

Marek, I could not apply it directly after merging u-boot-arm - maybe
because we set on different commit id. Never mind, I merge it again and
it looks ok.

I have pushed a -test branch on u-boot-imx after merging u-boot-arm and
your patches. It looks ok, and if you do not complain, I will send it to
Albert for inclusion in u-boot-arm.

Thanks,
Stefano



-- 
=====================================================================
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================

More information about the U-Boot mailing list