[PATCH V4 09/14] arm: dts: iot2050: Allow verifying U-Boot proper by SPL

Jan Kiszka jan.kiszka at siemens.com
Thu Feb 2 09:07:54 CET 2023


From: Jan Kiszka <jan.kiszka at siemens.com>

Add hashes and configuration signature stubs to prepare verified boot
of main U-Boot by SPL.

Signed-off-by: Jan Kiszka <jan.kiszka at siemens.com>
---
 arch/arm/dts/k3-am65-iot2050-boot-image.dtsi | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/arch/arm/dts/k3-am65-iot2050-boot-image.dtsi b/arch/arm/dts/k3-am65-iot2050-boot-image.dtsi
index 3ee0842e993..9082a79a034 100644
--- a/arch/arm/dts/k3-am65-iot2050-boot-image.dtsi
+++ b/arch/arm/dts/k3-am65-iot2050-boot-image.dtsi
@@ -14,6 +14,7 @@
 		filename = "flash.bin";
 		pad-byte = <0xff>;
 		size = <0x8c0000>;
+		allow-repack;
 
 		blob-ext at 0x000000 {
 			offset = <0x000000>;
@@ -45,6 +46,9 @@
 					entry = <0x80800000>;
 					u-boot-nodtb {
 					};
+					hash {
+						algo = "sha256";
+					};
 				};
 
 				@fdt-SEQ {
@@ -52,6 +56,9 @@
 					type = "flat_dt";
 					arch = "arm64";
 					compression = "none";
+					hash {
+						algo = "sha256";
+					};
 				};
 
 #ifdef CONFIG_WDT_K3_RTI_FW_FILE
@@ -64,6 +71,9 @@
 						filename = CONFIG_WDT_K3_RTI_FW_FILE;
 						missing-msg = "k3-rti-wdt-firmware";
 					};
+					hash {
+						algo = "sha256";
+					};
 				};
 #endif
 			};
@@ -77,10 +87,16 @@
 #ifdef CONFIG_WDT_K3_RTI_FW_FILE
 					loadables = "k3-rti-wdt-firmware";
 #endif
+					signature {
+						sign-images = "firmware", "fdt", "loadables";
+					};
 				};
 			};
 		};
 
+		fdtmap {
+		};
+
 		/* primary env */
 		fill at 0x680000 {
 			offset = <0x680000>;
-- 
2.35.3



More information about the U-Boot mailing list