[PATCH 0/3] Misc fixes for SPL_FIT_SIGNATURE builds
This patch series contains a few fixes for issues found when experimenting with the SPL_FIT_SIGNATURE builds. Some of them are apparently necessary to properly integrate this U-boot feature with build systems such as Yocto, and by extension OpenBMC.
-Klaus
Klaus Heinrich Kiwi (3): Kconfig: SPL_FIT_SIGNATURE selects FIT_SIGNATURE Kconfig: SPL_FIT_SIGNATURE requires SPL_LOAD_FIT Makefile: Add (default) DEVICE_TREE to SPL FIT
Makefile | 1 + common/Kconfig.boot | 2 ++ 2 files changed, 3 insertions(+)
Selecting SPL_FIT_SIGNATURE (without selecting U-boot proper verified boot first) breaks the build due to CONFIG_FIT_SIGNATURE_MAX_SIZE being undefined, in addition to Kconfig warnings on RSA and IMAGE_SIGN_INFO unmet dependencies.
Signed-off-by: Klaus Heinrich Kiwi klaus@linux.vnet.ibm.com
---
common/Kconfig.boot | 1 + 1 file changed, 1 insertion(+)
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 5eaabdfc27..7a0f7d9501 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -162,6 +162,7 @@ config SPL_FIT_PRINT config SPL_FIT_SIGNATURE bool "Enable signature verification of FIT firmware within SPL" depends on SPL_DM + select FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO_SUPPORT select SPL_HASH_SUPPORT
On Tue, Feb 09, 2021 at 03:41:53PM -0300, Klaus Heinrich Kiwi wrote:
Selecting SPL_FIT_SIGNATURE (without selecting U-boot proper verified boot first) breaks the build due to CONFIG_FIT_SIGNATURE_MAX_SIZE being undefined, in addition to Kconfig warnings on RSA and IMAGE_SIGN_INFO unmet dependencies.
Signed-off-by: Klaus Heinrich Kiwi klaus@linux.vnet.ibm.com
Applied to u-boot/master, thanks!
Having the ability to support firmware FIT signatures on the SPL sounds not so useful if the SPL is not supporting to load a (U-boot) firmware as a FIT image.
Signed-off-by: Klaus Heinrich Kiwi klaus@linux.vnet.ibm.com ---
common/Kconfig.boot | 1 + 1 file changed, 1 insertion(+)
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 7a0f7d9501..d323ad5d0b 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -162,6 +162,7 @@ config SPL_FIT_PRINT config SPL_FIT_SIGNATURE bool "Enable signature verification of FIT firmware within SPL" depends on SPL_DM + depends on SPL_LOAD_FIT || SPL_LOAD_FIT_FULL select FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO_SUPPORT
On Tue, Feb 09, 2021 at 03:41:54PM -0300, Klaus Heinrich Kiwi wrote:
Having the ability to support firmware FIT signatures on the SPL sounds not so useful if the SPL is not supporting to load a (U-boot) firmware as a FIT image.
Signed-off-by: Klaus Heinrich Kiwi klaus@linux.vnet.ibm.com
Applied to u-boot/master, thanks!
U-boot allows the default device tree to be overridden from the build environment using the DEVICE_TREE variable.
Make sure that we include it in the SPL FIT mkimage build step.
This also fixes a broken image in case CONFIG_OF_LIST and CONFIG_OF_OVERLAY_LIST are unset (i.e., expected to be supplied by the DEVICE_TREE env var).
Signed-off-by: Klaus Heinrich Kiwi klaus@linux.vnet.ibm.com ---
Makefile | 1 + 1 file changed, 1 insertion(+)
diff --git a/Makefile b/Makefile index ebbedb1fb1..116d03947a 100644 --- a/Makefile +++ b/Makefile @@ -1386,6 +1386,7 @@ MKIMAGEFLAGS_u-boot.img = -f auto -A $(ARCH) -T firmware -C none -O u-boot \ -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \ -p $(CONFIG_FIT_EXTERNAL_OFFSET) \ -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \ + $(patsubst %,-b arch/$(ARCH)/dts/%.dtb,$(subst ",,$(DEVICE_TREE))) \ $(patsubst %,-b arch/$(ARCH)/dts/%.dtb,$(subst ",,$(CONFIG_OF_LIST))) \ $(patsubst %,-b arch/$(ARCH)/dts/%.dtbo,$(subst ",,$(CONFIG_OF_OVERLAY_LIST))) else
On Tue, Feb 09, 2021 at 03:41:55PM -0300, Klaus Heinrich Kiwi wrote:
U-boot allows the default device tree to be overridden from the build environment using the DEVICE_TREE variable.
Make sure that we include it in the SPL FIT mkimage build step.
This also fixes a broken image in case CONFIG_OF_LIST and CONFIG_OF_OVERLAY_LIST are unset (i.e., expected to be supplied by the DEVICE_TREE env var).
Signed-off-by: Klaus Heinrich Kiwi klaus@linux.vnet.ibm.com
Applied to u-boot/master, thanks!
participants (2)
-
Klaus Heinrich Kiwi -
Tom Rini