[U-Boot] [PATCH] SPL: Add HAB image authentication to FIT
Simon Glass
sjg at chromium.org
Tue Nov 13 19:54:12 UTC 2018
Hi Peng,
On 9 November 2018 at 01:14, Peng Fan <peng.fan at nxp.com> wrote:
> From: Ye Li <ye.li at nxp.com>
>
> Introduce two board level callback functions to FIT image loading process, and
> a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
>
> Implement functions in imx common SPL codes to call HAB function
> to authenticate the FIT image. Generally, we have to sign multiple regions
> in FIT image:
> 1. Sign FIT FDT data (configuration)
> 2. Sign FIT external data (Sub-images)
>
> Because the CSF supports to sign multiple memory blocks, so that we can use one
> signature to cover all regions in FIT image and only authenticate once.
> The authentication should be done after the entire FIT image is loaded into
> memory including all sub-images.
> We use "-p" option to generate FIT image to reserve a space for FIT IVT
> and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
> ATF, u-boot DTB).
>
> The signed FIT image layout is as below:
> --------------------------------------------------
> | | | | | | | |
> | FIT | FIT | FIT | | U-BOOT | ATF | U-BOOT |
> | FDT | IVT | CSF | | nodtb.bin | | DTB |
> | | | | | | | |
> --------------------------------------------------
>
> Signed-off-by: Ye Li <ye.li at nxp.com>
> Reviewed-by: Peng Fan <peng.fan at nxp.com>
> Signed-off-by: Peng Fan <peng.fan at nxp.com>
> ---
> arch/arm/mach-imx/spl.c | 44 ++++++++++++++++++++++++++++++++++++++------
> common/spl/spl_fit.c | 21 +++++++++++++++++++--
> include/spl.h | 1 +
> 3 files changed, 58 insertions(+), 8 deletions(-)
Can you please add function prototypes to spl.h along with comments?
Regards,
Simon
More information about the U-Boot
mailing list