[U-Boot] [U-Boot, v2] common: fit: Allow U-Boot images to be booted

Tom Rini trini at konsulko.com
Tue Jul 26 04:32:01 CEST 2016


On Wed, Jul 20, 2016 at 08:32:50AM +0200, mario.six at gdsys.cc wrote:

> In certain circumstances it comes in handy to be able to boot into a second
> U-Boot. But as of now it is not possible to boot a U-Boot binary that is inside
> a FIT image, which is problematic for projects that e.g. need to guarantee a
> unbroken chain of trust from SOC all the way into the OS, since the FIT signing
> mechanism cannot be used.
> 
> This patch adds the capability to load such FIT images.
> 
> An example .its snippet (utilizing signature verification) might look
> like the following:
> 
> images {
> 	firmware at 1 {
> 		description = "2nd stage U-Boot image";
> 		data = /incbin/("u-boot-dtb.img.gz");
> 		type = "firmware";
> 		arch = "arm";
> 		os = "u-boot";
> 		compression = "gzip";
> 		load = <0x8FFFC0>;
> 		entry = <0x900000>;
> 		signature at 1 {
> 			algo = "sha256,rsa4096";
> 			key-name-hint = "key";
> 		};
> 	};
> };
> 
> Signed-off-by: Mario Six <mario.six at gdsys.cc>
> Reviewed-by: Tom Rini <trini at konsulko.com>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160725/3347bfde/attachment.sig>


More information about the U-Boot mailing list