Hi Michael, On Thu, May 19, 2016 at 08:33:28PM +0200, Michal Simek wrote: > Hi Andreas, > > 2016-05-19 20:16 GMT+02:00 Andreas Dannenberg <dannenb...@ti.com>: > > > Hi Michal, > > > > On Thu, May 19, 2016 at 06:38:04PM +0200, Michal Simek wrote: > > > On 19.5.2016 18:15, Andreas Dannenberg wrote: > > > > On Tue, May 17, 2016 at 07:00:24PM +0200, Michal Simek wrote: > > > >> Support loading FIT in SPL for RAM bootmode. > > > >> CONFIG_SPL_LOAD_FIT_ADRESS points to address where FIT image is stored > > > >> in memory. > > > >> > > > >> Signed-off-by: Michal Simek <michal.si...@xilinx.com> > > > >> Reviewed-by: Simon Glass <s...@chromium.org> > > > >> --- > > > > > > > > Reviewed-by: Andreas Dannenberg <dannenb...@ti.com> > > > > > > > > > > > > That's a very useful addition to the SPL FIT toolbox! I have a use case > > > > where I may need to decrypt/authenticate an SPL FIT image in its > > entirety > > > > before processing it so this can be used for this as well. > > > > > > Do you have also use case where you need to load more files from FIT? > > > There is loadable entry in FIT config entry. > > > > Not yet but I may get there. I'm experimenting with using U-Boot to load > > and install a secure monitor mode application (specifically, OP-TEE OS), > > so that will need to come from somewhere eventually and FIT would be a > > natural place for that binary to reside since we can easily authenticate > > it. > > > ok what arch? > What's the flow which you want to support? > SPL to load OPTEE and ATF and full u-boot and jump to ATF which runs OPTEE > and run to U-Boot?
I working with TI's current SoCs and those are ARMv7-A and there is no ATF but instead a proprietary solution comprising ROM code and some low-level code that gets loaded/authenticated/executed by said ROM in a secure fashion before the regular boot flow starts (SPL, U-Boot, and so on). There is flexibility to load/install a new secure monitor code during SPL, U-Boot, or in fact at any other time (even after let's say Linux is booted up) but from an overall system architecture POV we need that new secure monitor (OP-TEE OS in this case) to be up before the Kernel is loaded. Anyways the goal is not only to get it working but also to have a solution that plays nice with everything else and can be contributed upstream. Thanks and Regards, Andreas _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot