
On 27 July 2016 at 11:12, Andreas Dannenberg <dannenberg@ti.com> wrote:
This commit allows injecting a board/platform/device-specific post-processing function into the FIT image data loading process, which can include modifying the size and altering the starting source address of an image data artifact. This might be desired to do things like strip headers or footers attached to the images before they were packaged into the FIT, or to perform operations such as decryption or authentication.
Introduce new configuration option CONFIG_FIT_IMAGE_POST_PROCESS to allow controlling this feature. If enabled, a platform-specific post-process function must be provided.
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
While not limited to this use case this commit allows for example on TI high-security (HS) device variants to extend the secure boot chain to Kernel, DTB, and initramfs (and anything else really that can be bundled into a FIT image) by injecting calls to a TI-specific ROM API to perform authentication (and optionally decryption) of blobs.
At this stage of the boot process one is also free to use the FIT/RSA/SHA-based verified boot scheme already built into U-Boot to perform authentication on TI HS devices, providing a choice between a completely open solution or continuing to perform ROM-based calls (which would have the added benefit of supporting decryption, amongst other reasons such as faster performance due to inherent crypto accelerator usage).
This commit works in analogy to da74d1f "spl: fit: add support for post-processing of images" which introduced the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option.
On a related note Andrew (on copy) will be taking over the work on this patch to address any feedback there might be since my last day at TI will be 07/29. I will still be monitoring the mailing list but might not be able to respond in the current capacity.
Thanks for your efforts and good luck!
Thanks and Regards,
Andreas
 Kconfig            | 14 ++++++++++++++
 common/image-fit.c | 26 +++++++++++++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
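
The kind of hook the commit message describes, sketched as an added example that is not code from the patch or from U-Boot: it strips a wrapper header and footer by moving the image pointer and shrinking the size, and refuses any declared length that exceeds what was actually loaded. The function name, its in/out pointer-and-size parameters and the "HDR1" wrapper layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wrapper layout (an assumption, not a TI or U-Boot format):
 * 4-byte magic "HDR1", 4-byte little-endian payload length, payload,
 * then optional trailing footer bytes that are dropped. */
#define WRAP_MAGIC   "HDR1"
#define WRAP_HDR_LEN 8u

/* Hypothetical post-process hook: image pointer and size are in/out.
 * Returns 0 on success; on failure both values are left untouched so
 * the caller never continues with a half-adjusted image. */
int example_fit_post_process(void **p_image, size_t *p_size)
{
	const uint8_t *buf;
	size_t size, payload_len;

	if (!p_image || !*p_image || !p_size)
		return -1;
	buf = *p_image;
	size = *p_size;

	/* The header itself must fit before any of its fields are read. */
	if (size < WRAP_HDR_LEN || memcmp(buf, WRAP_MAGIC, 4) != 0)
		return -1;

	payload_len = (size_t)buf[4] | (size_t)buf[5] << 8 |
		      (size_t)buf[6] << 16 | (size_t)buf[7] << 24;

	/* The declared length is untrusted until the blob is authenticated:
	 * bound it by the loaded size, written so it cannot overflow. */
	if (payload_len == 0 || payload_len > size - WRAP_HDR_LEN)
		return -1;

	*p_image = (void *)(buf + WRAP_HDR_LEN); /* new start address */
	*p_size = payload_len;                   /* footer is cut off */
	return 0;
}
```
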