[U-Boot] [PATCH V2 1/2] SPL: Add HAB image authentication to FIT

[Stefano Babic]

On 17/11/18 10:10, Peng Fan wrote:
> From: Ye Li <ye.li at nxp.com>
> 
> Introduce two board level callback functions to FIT image loading process, and
> a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
> 
> Implement functions in imx common SPL codes to call HAB funtion
> to authenticate the FIT image. Generally, we have to sign multiple regions
> in FIT image:
> 1. Sign FIT FDT data (configuration)
> 2. Sign FIT external data (Sub-images)
> 
> Because the CSF supports to sign multiple memory blocks, so that we can use one
> signature to cover all regions in FIT image and only authenticate once.
> The authentication should be done after the entire FIT image is loaded into
> memory including all sub-images.
> We use "-p" option to generate FIT image to reserve a space for FIT IVT
> and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
> ATF, u-boot DTB).
> 
> The signed FIT image layout is as below:
> --------------------------------------------------
> |     |     |     |   |           |     |        |
> | FIT | FIT | FIT |   | U-BOOT    | ATF | U-BOOT |
> | FDT | IVT | CSF |   | nodtb.bin |     |   DTB  |
> |     |     |     |   |           |     |        |
> --------------------------------------------------
> 
> Signed-off-by: Ye Li <ye.li at nxp.com>
> Reviewed-by: Peng Fan <peng.fan at nxp.com>
> Reviewed-by: Tom Rini <trini at konsulko.com>
> Signed-off-by: Peng Fan <peng.fan at nxp.com>
> ---
Applied to u-boot-imx, master, thanks !

Best regards,
Stefano Babic

-- 
=====================================================================
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================