[PATCH v2 0/6] net: fm: Verify Fman microcode

Sean Anderson sean.anderson at seco.com
Fri Apr 22 19:38:34 CEST 2022


Surprisingly, Fman microcode does not seem to be verified. This series
aims to rectify this by introducing an optional FIT wrapper. This
wrapper is made mandatory if FIT_SIGNATURE is enabled. NXP boards do not
use this config, so the microcode will remain unverified for them. This
is OK, since we do not want to break existing systems.

This series depends on [1]. There is no logical dependency, but they
modify adjacent #includes, so the past patch will not apply cleanly
unless that series is applied.

[1] https://lore.kernel.org/u-boot/20220422173032.2259019-1-sean.anderson@seco.com/

Changes in v2:
- Document helpers
- Split off Fman microcode verification patches into their own series
- Split helper refactoring into a patch adding the helpers and one patch
  per subsystem.

Sean Anderson (6):
  ARMv8/sec_firmware: Remove SEC_FIRMWARE_FIT_CNF_NAME
  image: fit: Add some helpers for getting data
  ARMv8/sec_firmware: Convert to use fit_get_data_conf_prop
  cmd: fpga: Convert to use fit_get_data_node
  net: Convert fit verification to use fit_get_data_*
  net: fm: Add support for FIT firmware

 arch/arm/cpu/armv8/sec_firmware.c  | 52 ++--------------------
 boot/image-fit.c                   | 37 ++++++++++++++++
 cmd/fpga.c                         | 24 +++-------
 drivers/net/fm/fm.c                | 18 ++++++++
 drivers/net/fsl-mc/mc.c            | 30 ++-----------
 drivers/net/pfe_eth/pfe_firmware.c | 40 +----------------
 include/image.h                    | 70 ++++++++++++++++++++++++++++++
 7 files changed, 139 insertions(+), 132 deletions(-)

-- 
2.35.1.1320.gc452695387.dirty



More information about the U-Boot mailing list