On Tue, 16 Aug 2022 at 09:16, Sean Anderson sean.anderson@seco.com wrote:
Fman microcode is executable code (AFAICT) loaded into a coprocessor. As such, if verified boot is enabled, it must be verified like other executable code. However, this is not currently done.
This commit adds verified boot functionality by encapsulating the microcode in a FIT, which can then be signed/verified as normal. By default we allow fallback to unencapsulated firmware, but if CONFIG_FIT_SIGNATURE is enabled, then we make it mandatory. Because existing Layerscape do not use this config (instead enabling CONFIG_CHAIN_OF_TRUST), this should not break any existing boards.
An example (mildly-abbreviated) its is provided below:
/ { #address-cells = <1>;
images { firmware { data = /incbin/(/path/to/firmware); type = "firmware"; arch = "arm64"; compression = "none"; signature { algo = "sha256,rsa2048"; key-name-hint = "your key name"; }; }; }; configurations { default = "conf"; conf { description = "Load FMAN microcode"; fman = "firmware"; }; };};
Signed-off-by: Sean Anderson sean.anderson@seco.com
(no changes since v1)
drivers/net/fm/fm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
Reviewed-by: Simon Glass sjg@chromium.org