[PATCH v2] emulation: fdt: Allow using U-Boot's device tree with QEMU
Tom Rini
trini at konsulko.com
Tue Apr 15 16:12:26 CEST 2025
On Tue, Apr 15, 2025 at 10:22:50AM +0300, Ilias Apalodimas wrote:
> Hi Tom
>
> Thanks for roping me in.
You were cc'd on the original, fwiw.
>
> On Tue, 15 Apr 2025 at 01:53, Tom Rini <trini at konsulko.com> wrote:
> >
> > On Sun, Apr 06, 2025 at 07:07:04AM +1200, Simon Glass wrote:
> >
> > > At present it is impossible to change the qemu_arm64 defconfig to
> > > obtain a devicetree from the U-Boot build.
> > >
> > > This is necessary for FIT validation, for example, where the signature
> > > node must be compiled into U-Boot.
>
> I'll repeat once more, that using the DT to store whatever random data
> you invent makes little sense.
> No one is obliged to follow internal U-Boot ABIs. Instead, it would
> make much more sense to store the data in the U-Boot binary somewhere
> and retrieve them. On top of that we now have proper memory
> permissions at least for arm64 and you can place certificates in
> .rodata.
I don't see the high level difference really between blob with a
signature attached somewhere being good (signed EFI files where the
signature isn't an external file) vs blob with a signature attached
somewhere being bad (what Simon is doing with FIT here). So as long as
we can drop the antagonism (and don't break other use cases) I'm fine
with letting this alternate way of securing a system proceed.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250415/7b5e3aca/attachment.sig>
More information about the U-Boot
mailing list