[U-Boot] [PATCH] common: image: Add support for post-processing of images
Simon Glass
sjg at chromium.org
Fri Jul 29 15:51:53 CEST 2016
On 27 July 2016 at 11:12, Andreas Dannenberg <dannenberg at ti.com> wrote:
> This commit allows injecting a board/platform/device-specific post-
> processing function into the FIT image data loading process, which can
> include modifying the size and altering the starting source address of
> an image data artifact. This might be desired to do things like strip
> headers or footers attached to the images before they were packaged into
> the FIT, or to perform operations such as decryption or authentication.
> Introduce new configuration option CONFIG_FIT_IMAGE_POST_PROCESS to
> allow controlling this feature. If enabled, a platform-specific post-
> process function must be provided.
>
> Signed-off-by: Andreas Dannenberg <dannenberg at ti.com>
> ---
>
> While not limited to this use case this commit allows for example on TI
> high-security (HS) device variants to extend the secure boot chain to
> Kernel, DTB, and initramfs (and anything else really that can be bundled
> into a FIT image) by injecting calls to a TI-specific ROM API to perform
> authentication (and optionally decryption) of blobs.
>
> At this stage of the boot process one is also free to use the FIT/
> RSA/SHA-based verified boot scheme already built-into U-Boot to perform
> authentication on TI HS devices, providing a choice between a completely
> open solution or continuing to perform ROM-based calls (which would have
> the added benefit of supporting decryption, amongst other reasons such
> as faster performance due to inherent crypto accelerator usage).
>
> This commit works in analogy to
> da74d1f "spl: fit: add support for post-processing of images"
> which introduced the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option.
>
>
> On a related note Andrew (on copy) will be taking over the work on this
> patch to address any feedback there might be since my last day at TI will
> be 07/29. I will still be monitoring the mailing list but might not be
> able to respond in the current capacity.
Thanks for your efforts and good luck!
>
> Thanks and Regards,
> Andreas
>
> Kconfig | 14 ++++++++++++++
> common/image-fit.c | 26 +++++++++++++++++++++++++-
> 2 files changed, 39 insertions(+), 1 deletion(-)
Reviewed-by: Simon Glass <sjg at chromium.org>
More information about the U-Boot
mailing list