diff options
| author | Ye Li <ye.li@nxp.com> | 2017-11-08 23:23:04 -0600 |
|---|---|---|
| committer | Ye Li <ye.li@nxp.com> | 2018-04-27 02:32:17 -0700 |
| commit | b08a044d92e73f4f3dc94c599ccf982af7fb57ff (patch) | |
| tree | 5de2abf72dcd03517b2e5ae1399725a965777aff /common | |
| parent | 330a3108e3806fc2b9fa500f84ebfb4feb821c6d (diff) | |
MLK-16758-4 SPL: Add HAB image authentication to FIT
Introduce two board level callback functions to FIT image loading process, and
a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
Implement functions in imx common SPL codes to call HAB funtion
to authenticate the FIT image. Generally, we have to sign multiple regions
in FIT image:
1. Sign FIT FDT data (configuration)
2. Sign FIT external data (Sub-images)
Because the CSF supports to sign multiple memory blocks, so that we can use one
signature to cover all regions in FIT image and only authenticate once.
The authentication should be done after the entire FIT image is loaded into
memory including all sub-images.
We use "-p" option to generate FIT image to reserve a space for FIT IVT
and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
ATF, u-boot DTB).
The signed FIT image layout is as below:
--------------------------------------------------
| | | | | | | |
| FIT | FIT | FIT | | U-BOOT | ATF | U-BOOT |
| FDT | IVT | CSF | | nodtb.bin | | DTB |
| | | | | | | |
--------------------------------------------------
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
(cherry picked from commit 078dd4eed6a04c3db7ec49a1bd1fbc63ebb82e1b)
Diffstat (limited to 'common')
| -rw-r--r-- | common/spl/spl_fit.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index b705d030e7..9f3d4c96a4 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -15,6 +15,16 @@ #define CONFIG_SYS_BOOTM_LEN (64 << 20) #endif +__weak void board_spl_fit_post_load(ulong load_addr, size_t length) +{ + +} + +__weak ulong board_spl_fit_size_align(ulong size) +{ + return size; +} + /** * spl_fit_get_image_name(): By using the matching configuration subnode, * retrieve the name of an image, specified by a property name and an index @@ -341,6 +351,7 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, */ size = fdt_totalsize(fit); size = (size + 3) & ~3; + size = board_spl_fit_size_align(size); base_offset = (size + 3) & ~3; /* @@ -364,8 +375,9 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, align_len) & ~align_len); sectors = get_aligned_image_size(info, size, 0); count = info->read(info, sector, sectors, fit); - debug("fit read sector %lx, sectors=%d, dst=%p, count=%lu\n", - sector, sectors, fit, count); + debug("fit read sector %lx, sectors=%d, dst=%p, count=%lu, size=0x%lx\n", + sector, sectors, fit, count, size); + if (count == 0) return -EIO; @@ -473,5 +485,11 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, if (spl_image->entry_point == FDT_ERROR || spl_image->entry_point == 0) spl_image->entry_point = spl_image->load_addr; + spl_image->flags |= SPL_FIT_FOUND; + +#ifdef CONFIG_SECURE_BOOT + board_spl_fit_post_load((ulong)fit, size); +#endif + return 0; } |