[U-Boot] [PATCH] rpi3: Enable verified boot from FIT image

Enable verified boot from FIT image with select configs and specify boot script image node in FIT image; the FIT image is verified before it is run.
Code that reuses the dtb in firmware is disabled, so that the dtb with the public key packed in u-boot.bin can be used to verify the signature of the next stage FIT image.
Signed-off-by: Jun Nie jun.nie@linaro.org --- board/raspberrypi/rpi/rpi.c | 6 ++++++ include/configs/rpi.h | 15 ++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/board/raspberrypi/rpi/rpi.c b/board/raspberrypi/rpi/rpi.c index 617c892..950ee84 100644 --- a/board/raspberrypi/rpi/rpi.c +++ b/board/raspberrypi/rpi/rpi.c @@ -297,6 +297,7 @@ static void set_fdtfile(void) env_set("fdtfile", fdtfile); }
+#ifndef CONFIG_FIT_SIGNATURE /* * If the firmware provided a valid FDT at boot time, let's expose it in * ${fdt_addr} so it may be passed unmodified to the kernel. @@ -311,6 +312,7 @@ static void set_fdt_addr(void)
env_set_hex("fdt_addr", fw_dtb_pointer); } +#endif
/* * Prevent relocation from stomping on a firmware provided FDT blob. @@ -393,7 +395,9 @@ static void set_serial_number(void)
int misc_init_r(void) { +#ifndef CONFIG_FIT_SIGNATURE set_fdt_addr(); +#endif set_fdtfile(); set_usbethaddr(); #ifdef CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG @@ -470,6 +474,7 @@ int board_init(void) return bcm2835_power_on_module(BCM2835_MBOX_POWER_DEVID_USB_HCD); }
+#ifndef CONFIG_FIT_SIGNATURE /* * If the firmware passed a device tree use it for U-Boot. */ @@ -479,6 +484,7 @@ void *board_fdt_blob_setup(void) return NULL; return (void *)fw_dtb_pointer; } +#endif
int ft_board_setup(void *blob, bd_t *bd) { diff --git a/include/configs/rpi.h b/include/configs/rpi.h index f76c7d1..ba91205 100644 --- a/include/configs/rpi.h +++ b/include/configs/rpi.h @@ -180,11 +180,24 @@
#include <config_distro_bootcmd.h>
+#ifdef CONFIG_FIT_SIGNATURE +#define FIT_BOOT_CMD \ + "boot_a_script=" \ + "load ${devtype} ${devnum}:${distro_bootpart} " \ + "${scriptaddr} ${prefix}${script}; " \ + "iminfo ${scriptaddr};" \ + "if test $? -eq 1; then reset; fi;" \ + "source ${scriptaddr}:bootscr\0" +#else +#define FIT_BOOT_CMD "" +#endif + #define CONFIG_EXTRA_ENV_SETTINGS \ "dhcpuboot=usb start; dhcp u-boot.uimg; bootm\0" \ ENV_DEVICE_SETTINGS \ ENV_MEM_LAYOUT_SETTINGS \ - BOOTENV + BOOTENV \ + FIT_BOOT_CMD
#endif
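
Review bot: In the include/configs/rpi.h hunk, the guard `if test $? -eq 1; then reset; fi;` in FIT_BOOT_CMD fails open. Only an exit status of exactly 1 from iminfo triggers the reset, so any other non-zero status falls through to `source ${scriptaddr}:bootscr`. The result of the preceding `load` is not checked either, so after a failed load iminfo inspects whatever was already at ${scriptaddr}. Suggest running the script only on success, for example by putting the load and the iminfo into the condition of one `if ...; then source ${scriptaddr}:bootscr; else reset; fi`, so every failure path ends in reset.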
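
Review bot: The `#ifndef CONFIG_FIT_SIGNATURE` guards around set_fdt_addr() and around its call in misc_init_r() carry no comment explaining why the firmware FDT is dropped once signature support is built in. The existing comment above set_fdt_addr() still says the blob is exposed in ${fdt_addr} "so it may be passed unmodified to the kernel", which is no longer true in this configuration. Suggest a short comment at the guard stating that ${fdt_addr} is deliberately left unset for verified boot, and a line in the commit message noting that ${fdt_addr} is not set when CONFIG_FIT_SIGNATURE is enabled.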
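
Review bot: In the last rpi.c hunk, board_fdt_blob_setup() is compiled out under CONFIG_FIT_SIGNATURE, so U-Boot no longer takes its device tree from the firmware, yet the diffstat lists only rpi.c and rpi.h. Nothing in this patch enables CONFIG_FIT_SIGNATURE or the options that provide the dtb carrying the public key, although the commit message mentions "select configs". Suggest including the defconfig changes in this patch, or documenting in the commit message which options must be set for the build to have a usable control dtb.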

Jun Nie jun.nie@linaro.org wrote on Thu, Jul 11, 2019 at 11:56 AM:
> Enable verified boot from FIT image with select configs and specify boot script image node in FIT image; the FIT image is verified before it is run.
> Code that reuses the dtb in firmware is disabled, so that the dtb with the public key packed in u-boot.bin can be used to verify the signature of the next stage FIT image.

Hi Matthias,
Do you have comments on verified boot config here?
Thanks! Jun

Jun Nie jun.nie@linaro.org wrote on Thu, Jul 11, 2019 at 11:56 AM:
> Enable verified boot from FIT image with select configs and specify boot script image node in FIT image; the FIT image is verified before it is run.
> Code that reuses the dtb in firmware is disabled, so that the dtb with the public key packed in u-boot.bin can be used to verify the signature of the next stage FIT image.
> Signed-off-by: Jun Nie jun.nie@linaro.org
> board/raspberrypi/rpi/rpi.c | 6 ++++++ include/configs/rpi.h | 15 ++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-)

Hi Matthias,
Do you have any concern or comments for merging this patch?
Regards, Jun