[U-Boot] [PATCH V2 1/2] SPL: Add HAB image authentication to FIT
Stefano Babic
sbabic at denx.de
Sat Dec 8 17:41:33 UTC 2018
On 17/11/18 10:10, Peng Fan wrote:
> From: Ye Li <ye.li at nxp.com>
>
> Introduce two board level callback functions to FIT image loading process, and
> a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
>
> Implement functions in imx common SPL codes to call HAB funtion
> to authenticate the FIT image. Generally, we have to sign multiple regions
> in FIT image:
> 1. Sign FIT FDT data (configuration)
> 2. Sign FIT external data (Sub-images)
>
> Because the CSF supports to sign multiple memory blocks, so that we can use one
> signature to cover all regions in FIT image and only authenticate once.
> The authentication should be done after the entire FIT image is loaded into
> memory including all sub-images.
> We use "-p" option to generate FIT image to reserve a space for FIT IVT
> and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
> ATF, u-boot DTB).
>
> The signed FIT image layout is as below:
> --------------------------------------------------
> | | | | | | | |
> | FIT | FIT | FIT | | U-BOOT | ATF | U-BOOT |
> | FDT | IVT | CSF | | nodtb.bin | | DTB |
> | | | | | | | |
> --------------------------------------------------
>
> Signed-off-by: Ye Li <ye.li at nxp.com>
> Reviewed-by: Peng Fan <peng.fan at nxp.com>
> Reviewed-by: Tom Rini <trini at konsulko.com>
> Signed-off-by: Peng Fan <peng.fan at nxp.com>
> ---
Applied to u-boot-imx, master, thanks !
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================
More information about the U-Boot
mailing list