[PATCH 7/7] rockchip: make_fit_atf: add signature handling

Heiko Stübner heiko at sntech.de
Mon Apr 20 15:20:30 CEST 2020


Hi Simon,

Am Montag, 20. April 2020, 01:38:20 CEST schrieb Simon Glass:
> On Fri, 17 Apr 2020 at 16:07, Heiko Stuebner <heiko at sntech.de> wrote:
> >
> > From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>
> >
> > If the newly added fit-generator key-options are found, append needed
> > signature nodes to all generated image blocks, so that they can get
> > signed when mkimage later compiles the .itb from the generated .its.
> >
> > Signed-off-by: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>
> > ---
> >  arch/arm/mach-rockchip/make_fit_atf.py | 51 +++++++++++++++++++++++++-
> >  1 file changed, 50 insertions(+), 1 deletion(-)
> 
> Was there an effort to move this to binman?

The generation really is part of the core build process.
When creating the u-boot.itb with signed entries, mkimage -K writes the
data of the used key to dt-spl.dtb which then gets put into the spl binary.
[spl needs the key-data in its dtb to verify the signatures]

So I don't really see how this would work without moving the whole
spl generation to binman.


Heiko




More information about the U-Boot mailing list