[U-Boot] [PATCH v2 3/3] usb: gadget: f_sdp: Allow SPL to load and boot FIT via SDP

Sjoerd Simons sjoerd.simons at collabora.co.uk
Mon Jun 17 14:26:14 UTC 2019 

On Tue, 2019-06-04 at 18:56 -0300, Fabio Estevam wrote:
> On Tue, Jun 4, 2019 at 5:41 PM Sjoerd Simons
> <sjoerd.simons at collabora.co.uk> wrote:

> We have been using imx_usb_loader for a long time. After DM / fit
> comvesion the IVT piece is not added into the final .img.
> 
> From the main Makefile:
> 
> ifdef CONFIG_SPL_LOAD_FIT
> MKIMAGEFLAGS_u-boot.img = -f auto -A $(ARCH) -T firmware -C none -O
> u-boot \
> -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
> -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
> $(patsubst %,-b arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST)))
> else
> MKIMAGEFLAGS_u-boot.img = -A $(ARCH) -T firmware -C none -O u-boot \
> -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
> -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
> MKIMAGEFLAGS_u-boot-ivt.img = -A $(ARCH) -T firmware_ivt -C none -O
> u-boot \
> -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
> -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
> u-boot-ivt.img: MKIMAGEOUTPUT = u-boot-ivt.img.log
> CLEAN_FILES += u-boot-ivt.img.log u-boot-dtb.imx.log SPL.log u-
> boot.imx.log
> endif
> 
> we  can see that the ivt is not added for the CONFIG_SPL_LOAD_FIT
> case.
> 
> I tried to change this logic, but so far was not able to make it
> work.

So when looking through how secure boot can work from the SPL i can
accross e246bfcfe. Which explains the u-boot SPL expect a signed fit
image with roughly the following layout:

--------------------------------------------------
|     |     |     |   |           |     |        |
| FIT | FIT | FIT |   | U-BOOT    | ATF | U-BOOT |
| FDT | IVT | CSF |   | nodtb.bin |     |   DTB  |
|     |     |     |   |           |     |        |
--------------------------------------------------

The code aligns the IVT at 0x1000 and the standard CSF size is
0x2000. So one has to set CONFIG_FIT_EXTERNAL_OFFSET=0x3000 (assuming the FIT FDT <= 0x1000 bytes) to make CONFIG_SECURE_BOOT work in this setup (even if HAB is off and the image isn't signed). Otherwise the SPL won't pick up the correct location for all the external data.

Seems a bit ugly that the start offset of the external data can't be
introspected from the fdt blob, but oh well. 

The way this seems to work for i.mx8 is that the SECOND_LOADER command
sticks in a IVT header into the fit image. I assume some other tooling
can then stick the CSF data in the appropriate place (anyone have a
pointer?).

Now i guess the first question becomes whether the i.mx6 should follow
the same layout. And if so how to integrate it properly (teach mkimage
about handling firmware_ivt for fit images?). 

Relatedly i was looking for a good description of using HAB for loading
the OS in FIT images, but failed to find a good document. pointers
welcome.


-- 
Sjoerd Simons
Collabora Ltd.

More information about the U-Boot mailing list