On Wed, Jul 20, 2016 at 08:32:50AM +0200, Mario Six wrote:
> In certain circumstances it comes in handy to be able to boot into a second
> U-Boot. But as of now it is not possible to boot a U-Boot binary that is
> inside
> a FIT image, which is problematic for projects that e.g. need to guarantee a
> unbroken chain of trust from SOC all the way into the OS, since the FIT
> signing
> mechanism cannot be used.
>
> This patch adds the capability to load such FIT images.
>
> An example .its snippet (utilizing signature verification) might look
> like the following:
>
> images {
> firmware@1 {
> description = "2nd stage U-Boot image";
> data = /incbin/("u-boot-dtb.img.gz");
> type = "firmware";
> arch = "arm";
> os = "u-boot";
> compression = "gzip";
> load = <0x8FFFC0>;
> entry = <0x900000>;
> signature@1 {
> algo = "sha256,rsa4096";
> key-name-hint = "key";
> };
> };
> };
>
> Signed-off-by: Mario Six <mario....@gdsys.cc>Reviewed-by: Tom Rini <tr...@konsulko.com> -- Tom
signature.asc
Description: Digital signature
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
