Jun Nie <jun....@linaro.org> wrote on Wed, Jul 31, 2019 at 4:16 PM: > > Matthias Brugger <mbrug...@suse.com> wrote on Wed, Jul 31, 2019 at 4:05 PM: > > > > > > > > On 11/07/2019 05:55, Jun Nie wrote: > > > Enable verified boot from FIT image with select configs > > > and specify boot script image node in FIT image, the FIT > > > image is verified before it is run. > > > > > > Code that reuses dtb in firmware is disabled, so that > > > the dtb with public key packed in u-boot.bin can be used > > > to verify the signature of next stage FIT image. > > > > > > Signed-off-by: Jun Nie <jun....@linaro.org> > > > --- > > > board/raspberrypi/rpi/rpi.c | 6 ++++++ > > > include/configs/rpi.h | 15 ++++++++++++++- > > > 2 files changed, 20 insertions(+), 1 deletion(-) > > > > > > diff --git a/board/raspberrypi/rpi/rpi.c b/board/raspberrypi/rpi/rpi.c > > > index 617c892..950ee84 100644 > > > --- a/board/raspberrypi/rpi/rpi.c > > > +++ b/board/raspberrypi/rpi/rpi.c > > > @@ -297,6 +297,7 @@ static void set_fdtfile(void) > > > env_set("fdtfile", fdtfile); > > > } > > > > > > +#ifndef CONFIG_FIT_SIGNATURE > > > /* > > > * If the firmware provided a valid FDT at boot time, let's expose it in > > > * ${fdt_addr} so it may be passed unmodified to the kernel. > > > @@ -311,6 +312,7 @@ static void set_fdt_addr(void) > > > > > > env_set_hex("fdt_addr", fw_dtb_pointer); > > > } > > > +#endif > > > > > > /* > > > * Prevent relocation from stomping on a firmware provided FDT blob. > > > @@ -393,7 +395,9 @@ static void set_serial_number(void) > > > > > > int misc_init_r(void) > > > { > > > +#ifndef CONFIG_FIT_SIGNATURE > > > set_fdt_addr(); > > > +#endif > > > set_fdtfile(); > > > set_usbethaddr(); > > > #ifdef CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG > > > @@ -470,6 +474,7 @@ int board_init(void) > > > return bcm2835_power_on_module(BCM2835_MBOX_POWER_DEVID_USB_HCD); > > > } > > > > > > +#ifndef CONFIG_FIT_SIGNATURE > > > /* > > > * If the firmware passed a device tree use it for U-Boot. > > > */ 
> > > @@ -479,6 +484,7 @@ void *board_fdt_blob_setup(void) > > > return NULL; > > > return (void *)fw_dtb_pointer; > > > } > > > +#endif > > > > Just to get this clear we need this because we want to pass the device tree > > via > > OF_SEPARATE, correct? > > You are right. U-Boot needs to read the signature from dtb. > > > > > > > > > int ft_board_setup(void *blob, bd_t *bd) > > > { > > > diff --git a/include/configs/rpi.h b/include/configs/rpi.h > > > index f76c7d1..ba91205 100644 > > > --- a/include/configs/rpi.h > > > +++ b/include/configs/rpi.h > > > @@ -180,11 +180,24 @@ > > > > > > #include <config_distro_bootcmd.h> > > > > > > +#ifdef CONFIG_FIT_SIGNATURE > > > +#define FIT_BOOT_CMD \ > > > + "boot_a_script=" \ > > > + "load ${devtype} ${devnum}:${distro_bootpart} " \ > > > + "${scriptaddr} ${prefix}${script}; " \ > > > + "iminfo ${scriptaddr};" \ > > > + "if test $? -eq 1; then reset; fi;" \ > > > + "source ${scriptaddr}:bootscr\0" > > > +#else > > > +#define FIT_BOOT_CMD "" > > > +#endif > > > + > > > > Doesn't this overwrite the boot_a_script in distro_bootcmd? > > > > Would it make sense to add FIT booting to the distro boot command? > > > > Regards, > > Matthias > > Yes, it overwrites the boot_a_script in distro_bootcmd. It makes > sense to add this to the distro boot command. I can send another patch > to move these lines to common code later. > > > > > > #define CONFIG_EXTRA_ENV_SETTINGS \ > > > "dhcpuboot=usb start; dhcp u-boot.uimg; bootm\0" \ > > > ENV_DEVICE_SETTINGS \ > > > ENV_MEM_LAYOUT_SETTINGS \ > > > - BOOTENV > > > + BOOTENV \ > > > + FIT_BOOT_CMD > > > > > > > > > #endif > > >
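Review bot: the `#ifndef CONFIG_FIT_SIGNATURE` guards around `set_fdt_addr()` and around its call in `misc_init_r()` are not covered by the rationale in the commit message. The message explains why the firmware dtb must not be used as U-Boot's own device tree, which is what `board_fdt_blob_setup()` decides, whereas `set_fdt_addr()` only exports `fdt_addr` so the blob "may be passed unmodified to the kernel". If the intent is that an unverified firmware blob must never be handed to the kernel in a verified-boot build, state that in the commit message and in a comment next to the guard, because boot scripts that use `${fdt_addr}` will silently stop receiving it. A single `if (!IS_ENABLED(CONFIG_FIT_SIGNATURE))` at the call site would also avoid the paired preprocessor guards.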
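Review bot: in the `board_fdt_blob_setup()` hunk, the choice of U-Boot's control device tree is keyed on `CONFIG_FIT_SIGNATURE` instead of on the option that selects where the device tree comes from (the OF_SEPARATE point raised in the reply). The link between the two is then implicit: the verification described in the commit message only works if the build really uses the dtb packed in u-boot.bin with the public key. Suggest making that dependency explicit, either in Kconfig or with a build-time check, and adding a one-line comment at the guard saying that the firmware blob is ignored so the embedded, key-carrying dtb is used.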
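Review bot: in `FIT_BOOT_CMD` (include/configs/rpi.h), the gate `if test $? -eq 1; then reset; fi;` fails open: only an exit status of exactly 1 from `iminfo` stops the boot, and any other non-zero status falls through to `source ${scriptaddr}:bootscr`. The result of the preceding `load` is not checked either, so after a failed load `iminfo` inspects whatever already sits at `${scriptaddr}`. Suggest structuring the command so that `source` is reached only when both `load` and `iminfo` succeed, for example `if load <args> && iminfo ${scriptaddr}; then source ${scriptaddr}:bootscr; else reset; fi`. Separately, appending `FIT_BOOT_CMD` after `BOOTENV` overrides the `boot_a_script` from distro_bootcmd purely through the order of duplicate keys; until this moves to common code, a comment at the `CONFIG_EXTRA_ENV_SETTINGS` line should say the override is intentional.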
Hi Matthias, How do you think to merge this patch? Regards, Jun