[U-Boot] [PATCH] SPL: Add HAB image authentication to FIT

Tom Rini trini at konsulko.com
Fri Nov 9 14:51:56 UTC 2018


On Fri, Nov 09, 2018 at 09:14:00AM +0000, Peng Fan wrote:

> From: Ye Li <ye.li at nxp.com>
> 
> Introduce two board level callback functions to FIT image loading process, and
> a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
> 
> Implement functions in imx common SPL codes to call HAB function
> to authenticate the FIT image. Generally, we have to sign multiple regions
> in FIT image:
> 1. Sign FIT FDT data (configuration)
> 2. Sign FIT external data (Sub-images)
> 
> Because the CSF supports to sign multiple memory blocks, so that we can use one
> signature to cover all regions in FIT image and only authenticate once.
> The authentication should be done after the entire FIT image is loaded into
> memory including all sub-images.
> We use "-p" option to generate FIT image to reserve a space for FIT IVT
> and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
> ATF, u-boot DTB).
> 
> The signed FIT image layout is as below:

For the common code part:
Reviewed-by: Tom Rini <trini at konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20181109/66c74be3/attachment.sig>


More information about the U-Boot mailing list