8e35bb07eb mkimage: Support automatic creating of a FIT without a .its
Hi Simon,
your commit 8e35bb07eb (2016-03-14) "mkimage: Support automatic creating of a FIT without a .its" added the "-f auto" option to mkimage. While convenient in many situation, I had to notice that with "-f auto" there is no checksum information included with any of the blobs stored in the FIT image.
I guess the rationale was that the primary use case for this was to generate combinations of a U-Boot image with several device tree blobs to be used / selected by the SPL, as one can see for example in scripts/Makefile.spl :
MKIMAGEFLAGS_$(SPL_BIN).multidtb.fit = -f auto -A $(ARCH) -T firmware -C none -O u-boot \ -n "Multi DTB fit image for $(SPL_BIN)" -E \ $(patsubst %,-b %,$(SHRUNK_ARCH_DTB))
And - at least at that time - most implementations of the SPL did not need/want checksum verification.
However I'm asking myself if this is not an unfortunate choice. It is trivial for a not-checksum-enabled SPL to ignore any checksum in the image, but not the other way round: if there is no checksum in the images, the SPL will never be able to verify one.
Would it not be a more reasonable default for operation unter the "-f auto" flag to enable at least simple checksumming, say by auto-adding something like
hash-1 { algo = "crc32"; };
to the generated descriptions?
Best regards,
Wolfgang Denk
Hi Wolfgang,
On Mon, 25 May 2020 at 05:38, Wolfgang Denk wd@denx.de wrote:
Hi Simon,
your commit 8e35bb07eb (2016-03-14) "mkimage: Support automatic creating of a FIT without a .its" added the "-f auto" option to mkimage. While convenient in many situation, I had to notice that with "-f auto" there is no checksum information included with any of the blobs stored in the FIT image.
I guess the rationale was that the primary use case for this was to generate combinations of a U-Boot image with several device tree blobs to be used / selected by the SPL, as one can see for example in scripts/Makefile.spl :
MKIMAGEFLAGS_$(SPL_BIN).multidtb.fit = -f auto -A $(ARCH) -T firmware -C none -O u-boot \ -n "Multi DTB fit image for $(SPL_BIN)" -E \ $(patsubst %,-b %,$(SHRUNK_ARCH_DTB))
And - at least at that time - most implementations of the SPL did not need/want checksum verification.
However I'm asking myself if this is not an unfortunate choice. It is trivial for a not-checksum-enabled SPL to ignore any checksum in the image, but not the other way round: if there is no checksum in the images, the SPL will never be able to verify one.
Would it not be a more reasonable default for operation unter the "-f auto" flag to enable at least simple checksumming, say by auto-adding something like
hash-1 { algo = "crc32"; };to the generated descriptions?
Yes it should be easy to add that. I'll take a look.
Regards, Simon
participants (2)
-
Simon Glass -
Wolfgang Denk