[U-Boot] [PATCH] rpi: Do not use dtb loaded by firmware

Alexander Graf agraf at suse.de
Wed Nov 14 13:53:36 UTC 2018


On 11/08/2018 10:05 AM, Jun Nie wrote:
> Alexander Graf <agraf at suse.de> 于2018年11月8日周四 下午4:59写道:
>> On 11/08/2018 09:36 AM, Jun Nie wrote:
>>> Do not use dtb loaded by firmware if fit image signature is enabled.
>>> So that u-boot.dtb can be used. The u-boot.dtb contains the pulibc key
>>> that is to verify Linux kernel FIT image blob.
>>>
>>> The u-boot.dtb can be loaded by Arm Trusted Firmware(ATF) together
>>> with u-boot.bin to make sure the key is protected by ATF.
>> I don't think I fully understand what you're trying to do here. If ATF
>> loads U-Boot as well as the DT, ATF can pass the DT to U-Boot which then
>> ends up as $fdtaddr. If you enable CONFIG_OF_BOARD, it even becomes the
>> input DT for U-Boot.
> Current usage is that pack u-boot.dtb to u-boot-nodtb.bin so that
> u-boot can find
> device tree in the end if u-boot binary. This saves separate signing
> to u-boot.dtb in
> ATF. Do you see any benefit to load u-boot.dtb separately and feed
> $fdtaddr to u-boot?

The main reason that is a useful scenario is that you can do 
modifications in upper layers that propagate. We use it for example to 
allow people to add dt overlays via config.txt, but you could as well 
use it to expose changes from ATF into U-Boot (and Linux from there).


Alex



More information about the U-Boot mailing list