Hi Michael,
On Thu, May 19, 2016 at 08:33:28PM +0200, Michal Simek wrote:
Hi Andreas,
2016-05-19 20:16 GMT+02:00 Andreas Dannenberg dannenberg@ti.com:
Hi Michal,
On Thu, May 19, 2016 at 06:38:04PM +0200, Michal Simek wrote:
On 19.5.2016 18:15, Andreas Dannenberg wrote:
On Tue, May 17, 2016 at 07:00:24PM +0200, Michal Simek wrote:
Support loading FIT in SPL for RAM bootmode. CONFIG_SPL_LOAD_FIT_ADRESS points to address where FIT image is stored in memory.
Signed-off-by: Michal Simek michal.simek@xilinx.com Reviewed-by: Simon Glass sjg@chromium.org
Reviewed-by: Andreas Dannenberg dannenberg@ti.com
That's a very useful addition to the SPL FIT toolbox! I have a use case where I may need to decrypt/authenticate an SPL FIT image in its
entirety
before processing it so this can be used for this as well.
Do you have also use case where you need to load more files from FIT? There is loadable entry in FIT config entry.
Not yet but I may get there. I'm experimenting with using U-Boot to load and install a secure monitor mode application (specifically, OP-TEE OS), so that will need to come from somewhere eventually and FIT would be a natural place for that binary to reside since we can easily authenticate it.
ok what arch? What's the flow which you want to support? SPL to load OPTEE and ATF and full u-boot and jump to ATF which runs OPTEE and run to U-Boot?
I working with TI's current SoCs and those are ARMv7-A and there is no ATF but instead a proprietary solution comprising ROM code and some low-level code that gets loaded/authenticated/executed by said ROM in a secure fashion before the regular boot flow starts (SPL, U-Boot, and so on). There is flexibility to load/install a new secure monitor code during SPL, U-Boot, or in fact at any other time (even after let's say Linux is booted up) but from an overall system architecture POV we need that new secure monitor (OP-TEE OS in this case) to be up before the Kernel is loaded.
Anyways the goal is not only to get it working but also to have a solution that plays nice with everything else and can be contributed upstream.
Thanks and Regards, Andreas