Hi Simon,
-----Original Message----- From: Simon Glass sjg@chromium.org Sent: Thursday, January 7, 2021 8:37 PM To: Lim, Elly Siew Chin elly.siew.chin.lim@intel.com Cc: U-Boot Mailing List u-boot@lists.denx.de; Marek Vasut marex@denx.de; Tan, Ley Foon ley.foon.tan@intel.com; See, Chin Liang chin.liang.see@intel.com; Simon Goldschmidt simon.k.r.goldschmidt@gmail.com; Chee, Tien Fong tien.fong.chee@intel.com; Westergreen, Dalon dalon.westergreen@intel.com; Gan, Yau Wai yau.wai.gan@intel.com Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in binman node of FIT image with VAB support
On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim elly.siew.chin.lim@intel.com wrote:
FIT image of Vendor Authentication Coot (VAB) contains signed images.
Signed-off-by: Siew Chin Lim elly.siew.chin.lim@intel.com
arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
I'm not quite sure what is happening here, but consider using two separate files rather than what looks like a patch over an existing one.
There are two boot flow will use binman (socfpga_soc64_fit-u-boot.dtsi) to generate u-boot.fit and kernel.fit: 1. socfpga_agilex_atf_defconfig (boot via ATF) 2. socfpga_agilex_vab_defconfig (boot via ATF with VAB enabled, support authentication on bl31, u-boot, Linux images)
The binman node settings are the same for both flows. With VAB enabled, all inputs file need to be signed before generate FIT image. We would like to use different input file name to remind user that they need to sign all bl31, u-boot, Linux images when using binman to generate FIT image.
Due to the binman node settings are identical and only the file name need to be different, so we prefer to share the same socfpga_soc64_fit-u-boot.dtsi for both flows.
Thanks, Siew Chin
diff --git a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi index cf365590a8..4b30473743 100644 --- a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi +++ b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi @@ -117,4 +117,26 @@ }; };
+#if defined(CONFIG_SOCFPGA_SECURE_VAB_AUTH) +&uboot_blob {
filename = "signed-u-boot-nodtb.bin"; };+&atf_blob {
filename = "signed-bl31.bin";+};
+&uboot_fdt_blob {
filename = "signed-u-boot.dtb"; };+&kernel_blob {
filename = "signed-Image";+};
+&kernel_fdt_blob {
filename = "signed-linux.dtb"; }; #endif#endif
2.13.0