[U-Boot] [PATCH v2] SPL: FIT: Enable SPL_FIT_LOAD in RAM based boot mode

Andreas Dannenberg dannenberg at ti.com
Thu May 19 21:26:20 CEST 2016 

Hi Michael,

On Thu, May 19, 2016 at 08:33:28PM +0200, Michal Simek wrote:
> Hi Andreas,
> 
> 2016-05-19 20:16 GMT+02:00 Andreas Dannenberg <dannenberg at ti.com>:
> 
> > Hi Michal,
> >
> > On Thu, May 19, 2016 at 06:38:04PM +0200, Michal Simek wrote:
> > > On 19.5.2016 18:15, Andreas Dannenberg wrote:
> > > > On Tue, May 17, 2016 at 07:00:24PM +0200, Michal Simek wrote:
> > > >> Support loading FIT in SPL for RAM bootmode.
> > > >> CONFIG_SPL_LOAD_FIT_ADRESS points to address where FIT image is stored
> > > >> in memory.
> > > >>
> > > >> Signed-off-by: Michal Simek <michal.simek at xilinx.com>
> > > >> Reviewed-by: Simon Glass <sjg at chromium.org>
> > > >> ---
> > > >
> > > > Reviewed-by: Andreas Dannenberg <dannenberg at ti.com>
> > > >
> > > >
> > > > That's a very useful addition to the SPL FIT toolbox! I have a use case
> > > > where I may need to decrypt/authenticate an SPL FIT image in its
> > entirety
> > > > before processing it so this can be used for this as well.
> > >
> > > Do you have also use case where you need to load more files from FIT?
> > > There is loadable entry in FIT config entry.
> >
> > Not yet but I may get there. I'm experimenting with using U-Boot to load
> > and install a secure monitor mode application (specifically, OP-TEE OS),
> > so that will need to come from somewhere eventually and FIT would be a
> > natural place for that binary to reside since we can easily authenticate
> > it.
> 
> 
> ok what arch?
> What's the flow which you want to support?
> SPL to load OPTEE and ATF and full u-boot and jump to ATF which runs OPTEE
> and run to U-Boot?

I working with TI's current SoCs and those are ARMv7-A and there is no
ATF but instead a proprietary solution comprising ROM code and some
low-level code that gets loaded/authenticated/executed by said ROM in a
secure fashion before the regular boot flow starts (SPL, U-Boot, and so
on). There is flexibility to load/install a new secure monitor code
during SPL, U-Boot, or in fact at any other time (even after let's say
Linux is booted up) but from an overall system architecture POV we need
that new secure monitor (OP-TEE OS in this case) to be up before the
Kernel is loaded.

Anyways the goal is not only to get it working but also to have a
solution that plays nice with everything else and can be contributed
upstream.

Thanks and Regards,
Andreas

More information about the U-Boot mailing list