[PATCH] arm: socfpga: Enable FIT signature with crc32 for SOC64 devices
Siew Chin Lim
elly.siew.chin.lim at intel.com
Wed Mar 24 16:56:37 CET 2021
Add signature with crc32 value for all images in binman node for FIT
image in device tree. And, enable FIT signature checking for Stratix10
and Agilex ATF and VAB sdmmc boot.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim at intel.com>
---
arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 30 +++++++++++++++++++++++++-----
configs/socfpga_agilex_atf_defconfig | 4 ++++
configs/socfpga_agilex_vab_defconfig | 4 ++++
configs/socfpga_stratix10_atf_defconfig | 4 ++++
4 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
index 4b30473743..84b91e8df0 100644
--- a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
+++ b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
@@ -29,10 +29,12 @@
arch = "arm64";
compression = "none";
load = <0x00200000>;
-
uboot_blob: blob-ext {
filename = "u-boot-nodtb.bin";
};
+ hash {
+ algo = "crc32";
+ };
};
atf {
@@ -43,20 +45,24 @@
compression = "none";
load = <0x00001000>;
entry = <0x00001000>;
-
atf_blob: blob-ext {
filename = "bl31.bin";
};
+ hash {
+ algo = "crc32";
+ };
};
fdt {
description = "U-Boot SoC64 flat device-tree";
type = "flat_dt";
compression = "none";
-
uboot_fdt_blob: blob-ext {
filename = "u-boot.dtb";
};
+ hash {
+ algo = "crc32";
+ };
};
};
@@ -67,6 +73,11 @@
firmware = "atf";
loadables = "uboot";
fdt = "fdt";
+ signature {
+ algo = "crc32";
+ key-name-hint = "dev";
+ sign-images = "atf", "fdt", "uboot";
+ };
};
};
};
@@ -87,10 +98,12 @@
compression = "none";
load = <0x4080000>;
entry = <0x4080000>;
-
kernel_blob: blob-ext {
filename = "Image";
};
+ hash {
+ algo = "crc32";
+ };
};
fdt {
@@ -98,10 +111,12 @@
type = "flat_dt";
arch = "arm64";
compression = "none";
-
kernel_fdt_blob: blob-ext {
filename = "linux.dtb";
};
+ hash {
+ algo = "crc32";
+ };
};
};
@@ -111,6 +126,11 @@
description = "Intel SoC64 FPGA";
kernel = "kernel";
fdt = "fdt";
+ signature {
+ algo = "crc32";
+ key-name-hint = "dev";
+ sign-images = "fdt", "kernel";
+ };
};
};
};
diff --git a/configs/socfpga_agilex_atf_defconfig b/configs/socfpga_agilex_atf_defconfig
index 7adda02b00..e5b7f4b52a 100644
--- a/configs/socfpga_agilex_atf_defconfig
+++ b/configs/socfpga_agilex_atf_defconfig
@@ -14,6 +14,10 @@ CONFIG_IDENT_STRING="socfpga_agilex"
CONFIG_SPL_FS_FAT=y
CONFIG_DEFAULT_DEVICE_TREE="socfpga_agilex_socdk"
CONFIG_FIT=y
+CONFIG_FIT_SIGNATURE=y
+CONFIG_FIT_SIGNATURE_MAX_SIZE=0x10000000
+CONFIG_SPL_FIT_SIGNATURE=y
+CONFIG_SPL_CRC32_SUPPORT=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
# CONFIG_USE_SPL_FIT_GENERATOR is not set
diff --git a/configs/socfpga_agilex_vab_defconfig b/configs/socfpga_agilex_vab_defconfig
index bca663ed61..fac9cf72e5 100644
--- a/configs/socfpga_agilex_vab_defconfig
+++ b/configs/socfpga_agilex_vab_defconfig
@@ -15,6 +15,10 @@ CONFIG_IDENT_STRING="socfpga_agilex"
CONFIG_SPL_FS_FAT=y
CONFIG_DEFAULT_DEVICE_TREE="socfpga_agilex_socdk"
CONFIG_FIT=y
+CONFIG_FIT_SIGNATURE=y
+CONFIG_FIT_SIGNATURE_MAX_SIZE=0x10000000
+CONFIG_SPL_FIT_SIGNATURE=y
+CONFIG_SPL_CRC32_SUPPORT=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
# CONFIG_USE_SPL_FIT_GENERATOR is not set
diff --git a/configs/socfpga_stratix10_atf_defconfig b/configs/socfpga_stratix10_atf_defconfig
index 8dbb7424ba..7466025bc0 100644
--- a/configs/socfpga_stratix10_atf_defconfig
+++ b/configs/socfpga_stratix10_atf_defconfig
@@ -14,6 +14,10 @@ CONFIG_IDENT_STRING="socfpga_stratix10"
CONFIG_SPL_FS_FAT=y
CONFIG_DEFAULT_DEVICE_TREE="socfpga_stratix10_socdk"
CONFIG_FIT=y
+CONFIG_FIT_SIGNATURE=y
+CONFIG_FIT_SIGNATURE_MAX_SIZE=0x10000000
+CONFIG_SPL_FIT_SIGNATURE=y
+CONFIG_SPL_CRC32_SUPPORT=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
# CONFIG_USE_SPL_FIT_GENERATOR is not set
--
2.13.0
More information about the U-Boot
mailing list