[PATCH v3 11/11] binman: etype: Add xilinx_fsbl_auth etype

Simon Glass sjg at chromium.org
Wed Jul 19 03:08:29 CEST 2023


On Tue, 18 Jul 2023 at 05:53, <lukas.funke-oss at weidmueller.com> wrote:
>
> From: Lukas Funke <lukas.funke at weidmueller.com>
>
> This adds a new etype 'xilinx-fsbl-auth'. By using this etype it is
> possible to create an authenticated SPL (FSBL in Xilinx terms) for
> ZynqMP boards.
>
> The etype uses Xilinx Bootgen tools in order to transform the SPL into
> a bootable image and sign the image with a given primary and secondary
> public key. For more information on signing the FSBL please refer to the
> Xilinx Bootgen documentation.
>
> Here is an example of the etype in use:
>
>     spl {
>         filename = "boot.signed.bin";
>
>         xilinx-fsbl-auth {
>             psk-key-name-hint = "psk0";
>             ssk-key-name-hint = "ssk0";
>             auth-params = "ppk_select=0", "spk_id=0x00000000";
>
>             u-boot-spl-nodtb {
>             };
>             u-boot-spl-dtb {
>             };
>         };
>     };
>
> For this to work the hash of the primary public key has to be fused
> into the ZynqMP device and authentication (RSA_EN) has to be set.
>
> For testing purposes: if ppk hash check should be skipped one can add
> the property 'fsbl_config = "bh_auth_enable";' to the etype. However,
> this should only be used for testing(!).
>
> Signed-off-by: Lukas Funke <lukas.funke at weidmueller.com>
>
> ---
>
> Changes in v3:
> - Changed etype from entry to section
> - Changed property name "psk-filename" to "psk-key-name-hint"
> - Changed property name "ssk-filename" to "ssk-key-name-hint"
> - Decode spl elf file instead of reading start symbol
> - Improved test coverage
> - Improved documentation
>
> Changes in v2:
> - Add 'keysrc-enc' property to pass down to Bootgen
> - Improved documentation
> - Use predictable output names for intermediate results
>
>  tools/binman/entries.rst               |  71 ++++++++
>  tools/binman/etype/xilinx_fsbl_auth.py | 221 +++++++++++++++++++++++++
>  2 files changed, 292 insertions(+)
>  create mode 100644 tools/binman/etype/xilinx_fsbl_auth.py

Reviewed-by: Simon Glass <sjg at chromium.org>
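
A lint check for the testing-only caveat in the commit message above, as an added example (not part of the patch or of binman): it scans device tree source for `xilinx-fsbl-auth` nodes and flags `fsbl_config = "bh_auth_enable"`. The function names, the one-statement-per-line parsing, the hyphenated `fsbl-config` spelling and treating both key name hints as required are assumptions.

```python
import re

ETYPE = 'xilinx-fsbl-auth'
# Assumption: this check treats both key name hints as required.
REQUIRED = ('psk-key-name-hint', 'ssk-key-name-hint')
NODE_OPEN = re.compile(r'^(?:[\w-]+:\s*)?([\w,.@+/-]+)\s*\{$')
PROP = re.compile(r'^([\w,.#+-]+)\s*=\s*(.*);$')

# Constructed sample: the node from the commit message plus the testing-only property.
SAMPLE_DTS = '''
spl {
    filename = "boot.signed.bin";
    xilinx-fsbl-auth {
        psk-key-name-hint = "psk0";
        ssk-key-name-hint = "ssk0";
        auth-params = "ppk_select=0", "spk_id=0x00000000";
        fsbl_config = "bh_auth_enable";
        u-boot-spl-nodtb {
        };
        u-boot-spl-dtb {
        };
    };
};
'''

def check_node(path, props):
    """Return findings for one xilinx-fsbl-auth node's properties."""
    out = [(path, f'missing {key}') for key in REQUIRED if key not in props]
    # 'fsbl_config' is the spelling in the commit message; 'fsbl-config' is an assumed variant.
    cfg = props.get('fsbl_config', []) + props.get('fsbl-config', [])
    if any('bh_auth_enable' in value for value in cfg):
        out.append((path, 'bh_auth_enable set: PPK hash check skipped, testing only'))
    return out

def audit_dts(text):
    """Walk DTS text (one statement per line) and audit every ETYPE node."""
    stack, findings = [], []  # stack holds (node name, {property: [string values]})
    for raw in text.splitlines():
        line = raw.strip()
        m = NODE_OPEN.match(line)
        if m:
            stack.append((m.group(1), {}))
        elif line == '};' and stack:
            name, props = stack.pop()
            if name == ETYPE:
                path = '/'.join([n for n, _ in stack] + [name])
                findings += check_node(path, props)
        elif stack and (m := PROP.match(line)):
            stack[-1][1][m.group(1)] = re.findall(r'"([^"]*)"', m.group(2))
    return findings
```

Run over the board's binman `.dtsi` in CI, a non-empty result can fail a release build while leaving test builds free to set the property.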

