On Mon, Jun 02, 2014 at 10:04:43PM -0600, Simon Glass wrote:
This series fixes a few problems that have come up since the secure boot series was merged:
- A recent commit broken the assumption that u-boot.bin ends at a known
address (thus making things appended to U-Boot inaccessible from the code). This is fixed for Beaglebone and a few other boards. A new test is added to the Makefile to ensure that it does not break again. All boards have been tested to make sure the problem does not appear elsewhere.
- A way is needed to provide an externally-build device tree binary for
U-Boot. This allows signing to happen outside the U-Boot build system.
- The .img files generated by an OMAP build need to include the FDT if one
is appended.
- Adding signatures to an FDT can cause the FDT to run out of space. The
fix is to regenerate the FDT from scratch with different dtc parameters, so pretty painful. Instead, we automatically expand the FDT.
The last commit enables verified boot on a Beaglebone Black with a special configuration. Use 'am335x_boneblack_vboot' for this. This will soon disable support for legacy images.
Changes in v3:
- Add new patch to ensure the hash section is inside the image for cm_t335
- Add new patch to ensure the hash section is inside the image for mx31ads
- Rebase to master and update commit message
- Fix typo in commit message
- Add new patch to improve error handling in fit_common
- Rebase to master
- Also enable LZO and timestamps, plus increase the maximum kernel size
- Use verified boot only on a new board - am335x_boneblack_vboot
Changes in v2:
- Add new patch to ensure the hash section is inside the image for am335x
- Add new patch to check u-boot.bin size against symbol table
- Update to cover all omap devices
- Adjust for kbuild changes
- Fix line over 80cols
- Move device tree files into arch/arm/dts
Note that I applied this directly to master since it's largely TI boards or generic code, I hope you don't mind Albert.