On Mon, Jul 18, 2016 at 02:05:42PM +0200, Mario Six wrote:
In certain circumstances it comes in handy to be able to boot into a second U-Boot. But as of now it is not possible to boot a U-Boot binary that is inside a FIT image, which is problematic for projects that e.g. need to guarantee a unbroken chain of trust from SOC all the way into the OS, since the FIT signing mechanism cannot be used.
This patch adds the capability to load such FIT images.
An example its snippet (utilizing signature verification) might look like the following:
images { kernel@1 { description = "2nd stage U-Boot image"; data = /incbin/("u-boot-dtb.img.gz"); type = "kernel"; arch = "arm"; os = "u-boot"; compression = "gzip"; load = <0x8FFFC0>; entry = <0x900000>; signature@1 { algo = "sha256,rsa4096"; key-name-hint = "key"; }; }; };
Signed-off-by: Mario Six mario.six@gdsys.cc
Reviewed-by: Tom Rini trini@konsulko.com