[U-Boot] [PATCH v2 3/3] usb: gadget: f_sdp: Allow SPL to load and boot FIT via SDP
Fabio Estevam
festevam at gmail.com
Mon Jun 17 14:57:39 UTC 2019
Hi Sjoerd,
Adding Breno in case he has some insights.
On Mon, Jun 17, 2019 at 11:26 AM Sjoerd Simons
<sjoerd.simons at collabora.co.uk> wrote:
>
> On Tue, 2019-06-04 at 18:56 -0300, Fabio Estevam wrote:
> > On Tue, Jun 4, 2019 at 5:41 PM Sjoerd Simons
> > <sjoerd.simons at collabora.co.uk> wrote:
>
> > We have been using imx_usb_loader for a long time. After DM / fit
> > comvesion the IVT piece is not added into the final .img.
> >
> > From the main Makefile:
> >
> > ifdef CONFIG_SPL_LOAD_FIT
> > MKIMAGEFLAGS_u-boot.img = -f auto -A $(ARCH) -T firmware -C none -O
> > u-boot \
> > -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
> > -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
> > $(patsubst %,-b arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST)))
> > else
> > MKIMAGEFLAGS_u-boot.img = -A $(ARCH) -T firmware -C none -O u-boot \
> > -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
> > -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
> > MKIMAGEFLAGS_u-boot-ivt.img = -A $(ARCH) -T firmware_ivt -C none -O
> > u-boot \
> > -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
> > -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
> > u-boot-ivt.img: MKIMAGEOUTPUT = u-boot-ivt.img.log
> > CLEAN_FILES += u-boot-ivt.img.log u-boot-dtb.imx.log SPL.log u-
> > boot.imx.log
> > endif
> >
> > we can see that the ivt is not added for the CONFIG_SPL_LOAD_FIT
> > case.
> >
> > I tried to change this logic, but so far was not able to make it
> > work.
>
> So when looking through how secure boot can work from the SPL i can
> accross e246bfcfe. Which explains the u-boot SPL expect a signed fit
> image with roughly the following layout:
>
> --------------------------------------------------
> | | | | | | | |
> | FIT | FIT | FIT | | U-BOOT | ATF | U-BOOT |
> | FDT | IVT | CSF | | nodtb.bin | | DTB |
> | | | | | | | |
> --------------------------------------------------
>
> The code aligns the IVT at 0x1000 and the standard CSF size is
> 0x2000. So one has to set CONFIG_FIT_EXTERNAL_OFFSET=0x3000 (assuming the FIT FDT <= 0x1000 bytes) to make CONFIG_SECURE_BOOT work in this setup (even if HAB is off and the image isn't signed). Otherwise the SPL won't pick up the correct location for all the external data.
>
> Seems a bit ugly that the start offset of the external data can't be
> introspected from the fdt blob, but oh well.
>
> The way this seems to work for i.mx8 is that the SECOND_LOADER command
> sticks in a IVT header into the fit image. I assume some other tooling
> can then stick the CSF data in the appropriate place (anyone have a
> pointer?).
>
> Now i guess the first question becomes whether the i.mx6 should follow
> the same layout. And if so how to integrate it properly (teach mkimage
> about handling firmware_ivt for fit images?).
>
> Relatedly i was looking for a good description of using HAB for loading
> the OS in FIT images, but failed to find a good document. pointers
> welcome.
>
>
> --
> Sjoerd Simons
> Collabora Ltd.
More information about the U-Boot
mailing list