[PATCH 7/7] rockchip: make_fit_atf: add signature handling
Heiko Stübner
heiko at sntech.de
Mon Apr 20 15:20:30 CEST 2020
Hi Simon,
Am Montag, 20. April 2020, 01:38:20 CEST schrieb Simon Glass:
> On Fri, 17 Apr 2020 at 16:07, Heiko Stuebner <heiko at sntech.de> wrote:
> >
> > From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>
> >
> > If the newly added fit-generator key-options are found, append needed
> > signature nodes to all generated image blocks, so that they can get
> > signed when mkimage later compiles the .itb from the generated .its.
> >
> > Signed-off-by: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>
> > ---
> > arch/arm/mach-rockchip/make_fit_atf.py | 51 +++++++++++++++++++++++++-
> > 1 file changed, 50 insertions(+), 1 deletion(-)
>
> Was there an effort to move this to binman?
The generation really is part of the core build process.
When creating the u-boot.itb with signed entries, mkimage -K writes the
data of the used key to dt-spl.dtb which then gets put into the spl binary.
[spl needs the key-data in its dtb to verify the signatures]
So I don't really see how this would work without moving the whole
spl generation to binman.
Heiko
More information about the U-Boot
mailing list