U-Boot provides a verified-boot feature based around FIT, but there is no standard way of implementing it for a board. At present the various required pieces must be built up separately, to produce a working implementation. In particular, there is no built-in support for selecting A/B boot or recovery mode.
This series introduces VPL, a verified program loader. Its purpose is to run the verified-boot process and decide which SPL binary should be run. Adding VPL into the boot flow provides a standard way of implementing verified boot. So far, only the phase itself is added along with some Kconfig options. The next step is to create a build for sandbox.
Changes in v3: - Move VPL Kconfig options to a separate patch - Add full build support for VPL
Changes in v2: - Add some more VPL Kconfig options
Simon Glass (7): doc: Convert SPL documentation to ReST doc: Expand SPL docs to explain the phase and config test: Tidy up test building with SPL spl: Move TPL_HASH_SUPPORT down next to other TPL options binman: Add VPL support Introduce Verifying Program Loader (VPL) vpl: Add Kconfig options for VPL
Kconfig | 10 + Makefile | 15 +- arch/sandbox/Kconfig | 8 + common/Kconfig | 67 ++++++ common/spl/Kconfig | 226 +++++++++++++++++++-- common/spl/spl.c | 25 ++- doc/develop/index.rst | 1 + doc/{README.SPL => develop/spl.rst} | 99 +++++---- drivers/clk/Kconfig | 10 + drivers/core/Makefile | 2 +- drivers/gpio/Kconfig | 11 + drivers/i2c/Kconfig | 11 + drivers/misc/Kconfig | 19 ++ drivers/pinctrl/Kconfig | 18 +- drivers/rtc/Kconfig | 9 + drivers/serial/Kconfig | 20 ++ drivers/sysreset/Kconfig | 10 + drivers/timer/Kconfig | 10 + include/bootstage.h | 2 + include/linux/kconfig.h | 3 + include/spl.h | 20 +- lib/Kconfig | 62 ++++++ scripts/Kbuild.include | 4 + scripts/Makefile.autoconf | 12 ++ scripts/Makefile.build | 4 + scripts/Makefile.lib | 5 + scripts/Makefile.spl | 37 +++- test/test-main.c | 2 +- tools/binman/etype/u_boot_vpl.py | 42 ++++ tools/binman/etype/u_boot_vpl_bss_pad.py | 44 ++++ tools/binman/etype/u_boot_vpl_dtb.py | 28 +++ tools/binman/etype/u_boot_vpl_expanded.py | 45 ++++ tools/binman/etype/u_boot_vpl_nodtb.py | 42 ++++ tools/binman/ftest.py | 110 ++++++++-- tools/binman/state.py | 3 +- tools/binman/test/082_fdt_update_all.dts | 2 + tools/binman/test/201_u_boot_vpl.dts | 11 + tools/binman/test/202_u_boot_vpl_nodtb.dts | 13 ++ tools/binman/test/203_fdt_incl_vpl.dts | 13 ++ tools/binman/test/204_vpl_bss_pad.dts | 17 ++ 40 files changed, 997 insertions(+), 95 deletions(-) rename doc/{README.SPL => develop/spl.rst} (61%) create mode 100644 tools/binman/etype/u_boot_vpl.py create mode 100644 tools/binman/etype/u_boot_vpl_bss_pad.py create mode 100644 tools/binman/etype/u_boot_vpl_dtb.py create mode 100644 tools/binman/etype/u_boot_vpl_expanded.py create mode 100644 tools/binman/etype/u_boot_vpl_nodtb.py create mode 100644 tools/binman/test/201_u_boot_vpl.dts create mode 100644 tools/binman/test/202_u_boot_vpl_nodtb.dts create mode 100644 tools/binman/test/203_fdt_incl_vpl.dts create mode 100644 tools/binman/test/204_vpl_bss_pad.dts