
Hi Bryan,
2017-12-28 16:49 GMT-02:00 Bryan O'Donoghue bryan.odonoghue@linaro.org:
> The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT, so let's use the address provided in the IVT header instead of the fixed CSF offset currently in place.
>
> It's worth noting that if you use u-boot mkimage and the i.MX CST tool as described in the NXP documentation you will get an image like IVT | BINARY | CSF, not IVT | CSF | BINARY as the code currently assumes.

Your patch looks fine, just a comment here.
The hab_rvt_authenticate_image() is usually executed for extending the root of trust beyond the initial boot image (zImage, u-boot-ivt.img). In my understanding, the layout described in the NXP documentation, "| IVT | BINARY | CSF |", just applies to the initial boot images.
For additional boot images, the expected layout is currently documented in "arch/arm/mach-imx/hab.c": | BINARY | IVT | CSF |
Maybe this sentence can be reformulated for better understanding.
Thanks, Breno Lima
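
As an added illustration of the point discussed in this thread (not code from the patch or from U-Boot), the C example below derives the CSF location from the IVT's absolute `self` and `csf` pointers instead of a fixed offset, so it works for both the IVT | BINARY | CSF and BINARY | IVT | CSF layouts and rejects pointers that fall outside the image. The field offsets and header checks follow the commonly documented HAB v4 IVT layout and are assumptions here, as are the function names, the load address and the constructed sample image.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IVT_SIZE 0x20u  /* assumed header: tag 0xD1, BE length 0x0020, version 0x4x */
#define IVT_SELF 20u    /* assumed offset of the IVT's own absolute load address */
#define IVT_CSF  24u    /* assumed offset of the absolute CSF address */

static uint32_t rd32(const uint8_t *p)          /* fields are little-endian */
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Offset of the CSF inside img, derived from the IVT, or -1 if implausible. */
long csf_offset_from_ivt(const uint8_t *img, size_t len, size_t ivt_off)
{
    if (ivt_off > len || len - ivt_off < IVT_SIZE)
        return -1;                              /* IVT does not fit in the image */
    const uint8_t *ivt = img + ivt_off;
    if (ivt[0] != 0xD1 || ivt[1] != 0x00 || ivt[2] != IVT_SIZE ||
        (ivt[3] & 0xF0) != 0x40)
        return -1;                              /* not an IVT header */
    uint32_t self = rd32(ivt + IVT_SELF), csf = rd32(ivt + IVT_CSF);
    if (csf == 0 || self < ivt_off)
        return -1;                              /* no CSF, or self is inconsistent */
    uint32_t base = self - (uint32_t)ivt_off;   /* load address of img[0] */
    if (csf < base || (uint64_t)csf - base >= len)
        return -1;                              /* CSF pointer outside the image */
    return (long)(csf - base);
}

/* Constructed sample: zeroed image whose IVT at ivt_off points at csf_off. */
void build_sample(uint8_t *img, size_t len, uint32_t load,
                  size_t ivt_off, size_t csf_off)
{
    memset(img, 0, len);
    img[ivt_off] = 0xD1; img[ivt_off + 2] = IVT_SIZE; img[ivt_off + 3] = 0x40;
    wr32(img + ivt_off + IVT_SELF, load + (uint32_t)ivt_off);
    wr32(img + ivt_off + IVT_CSF, load + (uint32_t)csf_off);
}
```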