On 03/09/2019 09:12, Jun Nie wrote: > Heinrich Schuchardt <xypron.g...@gmx.de> 于2019年9月2日周一 下午7:19写道: >> >> On 9/2/19 12:30 PM, Matthias Brugger wrote: >>> +Alex, Lukas, Heinrich, Bin and Simon >>> >>> On 31/07/2019 10:16, Jun Nie wrote: >>>> Matthias Brugger <mbrug...@suse.com> 于2019年7月31日周三 下午4:05写道: >>>>> >>>>> >>>>> >>>>> On 11/07/2019 05:55, Jun Nie wrote: >>>>>> Enable verified boot from FIT image with select configs >>>>>> and specify boot script image node in FIT image, the FIT >>>>>> image is verified before it is run. >>>>>> >>>>>> Code that reusing dtb in firmware is disabled, so that >>>>>> the dtb with pubic key packed in u-boot.bin can be used >>>>>> to verify the signature of next stage FIT image. >>>>>> >>>>>> Signed-off-by: Jun Nie <jun....@linaro.org> >>>>>> --- >>>>>> board/raspberrypi/rpi/rpi.c | 6 ++++++ >>>>>> include/configs/rpi.h | 15 ++++++++++++++- >>>>>> 2 files changed, 20 insertions(+), 1 deletion(-) >>>>>> >>>>>> diff --git a/board/raspberrypi/rpi/rpi.c b/board/raspberrypi/rpi/rpi.c >>>>>> index 617c892..950ee84 100644 >>>>>> --- a/board/raspberrypi/rpi/rpi.c >>>>>> +++ b/board/raspberrypi/rpi/rpi.c >>>>>> @@ -297,6 +297,7 @@ static void set_fdtfile(void) >>>>>> env_set("fdtfile", fdtfile); >>>>>> } >>>>>> >>>>>> +#ifndef CONFIG_FIT_SIGNATURE >>>>>> /* >>>>>> * If the firmware provided a valid FDT at boot time, let's expose it >>>>>> in >>>>>> * ${fdt_addr} so it may be passed unmodified to the kernel. >>>>>> @@ -311,6 +312,7 @@ static void set_fdt_addr(void) >>>>>> >>>>>> env_set_hex("fdt_addr", fw_dtb_pointer); >>>>>> } >>>>>> +#endif >>>>>> >>>>>> /* >>>>>> * Prevent relocation from stomping on a firmware provided FDT blob. >>>>>> @@ -393,7 +395,9 @@ static void set_serial_number(void) >>>>>> >>>>>> int misc_init_r(void) >>>>>> { >>>>>> +#ifndef CONFIG_FIT_SIGNATURE >>>>>> set_fdt_addr(); >>>>>> +#endif >>>>>> set_fdtfile(); >>>>>> set_usbethaddr(); >>>>>> #ifdef CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG >>>>>> @@ -470,6 +474,7 @@ int board_init(void) >>>>>> return bcm2835_power_on_module(BCM2835_MBOX_POWER_DEVID_USB_HCD); >>>>>> } >>>>>> >>>>>> +#ifndef CONFIG_FIT_SIGNATURE >>>>>> /* >>>>>> * If the firmware passed a device tree use it for U-Boot. >>>>>> */ >>>>>> @@ -479,6 +484,7 @@ void *board_fdt_blob_setup(void) >>>>>> return NULL; >>>>>> return (void *)fw_dtb_pointer; >>>>>> } >>>>>> +#endif >>>>> >>>>> Just to get this clear we need this because we want to pass the device >>>>> tree via >>>>> OF_SEPARATE, correct? >>>> >>>> You are right. U-boot need to read he signature from dtb. >>>> >>>>> >>>>>> >>>>>> int ft_board_setup(void *blob, bd_t *bd) >>>>>> { >>>>>> diff --git a/include/configs/rpi.h b/include/configs/rpi.h >>>>>> index f76c7d1..ba91205 100644 >>>>>> --- a/include/configs/rpi.h >>>>>> +++ b/include/configs/rpi.h >>>>>> @@ -180,11 +180,24 @@ >>>>>> >>>>>> #include <config_distro_bootcmd.h> >>>>>> >>>>>> +#ifdef CONFIG_FIT_SIGNATURE >>>>>> +#define FIT_BOOT_CMD \ >>>>>> + "boot_a_script=" \ >>>>>> + "load ${devtype} ${devnum}:${distro_bootpart} " \ >>>>>> + "${scriptaddr} ${prefix}${script}; " \ >>>>>> + "iminfo ${scriptaddr};" \ >>>>>> + "if test $? -eq 1; then reset; fi;" \ >>>>>> + "source ${scriptaddr}:bootscr\0" >>>>>> +#else >>>>>> +#define FIT_BOOT_CMD "" >>>>>> +#endif >>>>>> + >>>>> >>>>> Doesn't this overwrite the boot_a_script in distro_bootcmd? >>>>> >>>>> Would it make sense to add FIT booting to the distro boot command? >>>>> >>>>> Regards, >>>>> Matthias >>>> >>>> Yes, it overwrite the boot_a_script in distro_bootcmd. It is make >>>> sense to add this to the distro boot command. I can send another patch >>>> to move these lines to common code later. >>>> >>> >>> Question to the people just added, as you have relevant submission to >>> distroboot. Do you think it makes sense to add FIT_BOOT_CMD to that? >>> >>> Regards, >>> Matthias >> >> The idea of distro-boot was to make it easier for Linux distributions to >> update the information needed by U-Boot to find the right kernel and >> ramdisk. >> >> According to doc/README.distro file extlinux.conf should be used for the >> communication between the distribution and U-Boot. Some distributions >> like Debian still rely on boot.scr. >> >> Many distributions (OpenBSD, FreeBSD, Suse, Fedora) have moved from >> distro-boot to UEFI as booting standard. Unfortunately we have not >> documented our support for this in doc/README.distro (TODO for me). >> Takahiro is working on secure boot using UEFI. Once completed this could >> obsolete FIT images. >> >> Would we expect Linux distributions to provide FIT images upon kernel >> updates? >> Is there any Linux distribution doing so? > > Embedded Linux, a new distribution from ARM, is using FIT images to > update kernel. > https://os.mbed.com/docs/mbed-linux-os/v0.8/welcome/index.html >
Ok, so secure boot does not provide all capabilities that FIT images do and there exists a distro which uses FIT images. I think that's enough to add FIT_BOOT_CMD to distro_boot. So please do so. Sorry that this has taken longer then expected. Regards, Matthias _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot