Hi Simon,

I am implementing the secure u-boot for our custom board and have a question with the current implementation of secure framework with u-boot loading the "loadables" images.

I got the latest 2015.07 mainline branch and am trying to load a bootloader( FIT format) from already loaded bootloader !

First stage--------------> 2nd stage -------------------> OS FIT (MLO,u-boot) (u-boot.bin) (kernel, RFS,DTB)

I created an .its file just to boot a 2nd stage bootloader

/dts-v1/;

/ { description = "ABB Measurement Product images"; #address-cells = <1>;

images { u-boot@1 { data = /incbin/("u-boot.bin"); type = "u-boot"; arch = "arm"; compression = "none"; load = <0x82000000>; entry = <0x82000000>; hash@1 { algo = "sha1"; }; };

}; configurations { default = "2100000@xx"; 2100000@xx { description = "2nd stage BL"; u-boot = "u-boot@1"; loadables = "u-boot@1" signature@1 { algo = "sha1,rsa2048"; key-name-hint = "dev"; sign-images = "u-boot"; }; };

};

};

I am able to load it on my device and successfully verify the signature. How ever the bootm command is trying to find an os image every time. I have looked at the cmd_bootm.c file and looks like it checks for the valid os image for booting.

I think it would be good if a special case in bootm is introduced which can just load the "loadable" images independent of the kernel image. This will allow the users to support multiple image scenario without any depencies. I think a separate command is necessary which can verify a signature and just load the "loadable" images in the required memory addresses.

Is there a way kernel images loading can be ignored in bootm ?

Testing:

I tried to load my bootloader fit image and run it with bootm $loadaddr:u-boot command U-Boot# bootm $loadaddr:u-boot ## Loading kernel from FIT Image at 82800000 ... Trying 'u-boot' kernel subimage Description: unavailable Created: 2015-08-03 21:45:12 UTC Type: Standalone Program Compression: uncompressed Data Start: 0x828000b4 Data Size: 385283 Bytes = 376.3 KiB Architecture: ARM Load Address: 0x82000000 Entry Point: 0x82000000 Hash algo: sha1 Hash value: d44663a203a151fe52c93029ec1fecee0d30192a Verifying Hash Integrity ... sha1+ OK No Unknown OS ARM Kernel Image Image ERROR: can't get kernel image!

If I use the bootm $loadaddr#configuration command it tries to run the kernel image and it crashes but loads my required image at the memory address.

Thanks, [cid:image002.png@01CFF360.603F39C0]

Harsha Kiran KJ Software engineer II ABB Inc. 7051 Industrial Boulevard 74006, Bartlesville, Oklahoma, UNITED STATES Phone: +1 9183384851 Mobile: +1 4053854043 email: kmailto:ricardo.andujar@us.abb.comj.h.kiran@us.abb.com