[PATCH RFC 2/3] WIP: getting signing nodes to work in FIT generator node
Simon Glass
sjg at chromium.org
Fri Jul 28 04:35:31 CEST 2023
Hi Neha,
On Thu, 27 Jul 2023 at 06:12, Neha Malcom Francis <n-francis at ti.com> wrote:
>
> They need to get the contents of the FIT section beforehand, process
> them and prepend the signing certificate to the FIT contents
>
> Signed-off-by: Neha Malcom Francis <n-francis at ti.com>
> ---
> tools/binman/etype/collection.py | 38 +++++++++++++++++++++++---------
> tools/binman/etype/fit.py | 1 +
> tools/binman/etype/ti_secure.py | 13 ++++++++---
> tools/binman/etype/x509_cert.py | 9 ++++++--
> 4 files changed, 46 insertions(+), 15 deletions(-)

I am not quite sure about this, but it seems there is a bit too much magic?

From what I can tell, you want:

    @fdt-SEQ {
        ti-secure {
            content = <&dtb>;
        };
        dtb: blob-ext {
            filename = "u-boot-spl.dtb";
        };
    };

where the 'dtb' phandle can work even though it is in a generated node.
Is that right? If so, I suspect it could be done.

Re the fit,fdt-indir that is where I get confused...you want it to
affect the generator somehow? How is that? The last patch gives me
some clues but I don't understand why some nodes have the
fit,fdt-indir property and some do not?
I suspect what would help me understand is to write a test .dts and a
test that doesn't work, but illustrates what you want...then we might
get closer to a suitable design. Once the design is clean, the impl
should follow.
Regards,
Simon