[U-Boot] [PATCH 4/6] spl: mmc: support loading i.MX container format file

Marek Vasut marex at denx.de
Wed May 22 11:41:19 UTC 2019


On 5/22/19 9:34 AM, Lukasz Majewski wrote:
[...]
>>>>>>> By using above approach we do have the NXP's "container"
>>>>>>> format only seen in the SPL (which is OK, as for example
>>>>>>> Samsung does similar thing with FBL/BL1). When SPL is
>>>>>>> "trused" we may use available facilities.  
>>>>>>
>>>>>> The issue to me is that sc_seco_authenticate could not take a
>>>>>> FIT image as input.  
>>>>>
>>>>> Is the sc_seco_authenticate an API accessible from SPL, U-Boot
>>>>> proper or Linux crypro engine driver?  
>>>>
>>>> Yes, it is an API accessible in SPL/U-Boot stage. I do not know
>>>> about Linux crypto driver.  
>>>
>>> Maybe it would be worth to check how Linux handle this? Maybe it
>>> would shed some more light on it?  
>>
>> I am not familiar with that, so might be stupid question below.
>> Does it really matter? 
> 
> I would check it just out of curiosity.

Yes, it matters, because there should be such API. How would Linux
authenticate e.g. userspace binaries if there wasn't one, surely not by
wrapping every single object into the custom vendor-specific container ?
And if there is one, you can use it to authenticate raw binaries from
U-Boot SPL too, e.g. fitImage blobs with an associated signature.

[...]

-- 
Best regards,
Marek Vasut


More information about the U-Boot mailing list