Hi Philippe, On Wed, 17 Nov 2021 at 10:52, Philippe Reynes <philippe.rey...@softathome.com> wrote: > > This serie adds a stage pre-load before launching an image. > This stage is used to read a header before the image and > this header contains the signature of the full image. > So u-boot may check the full image before using any > data of the image. > > Changelog: > v3: > - move image-pre-load.c to /boot > - update mkimage to add public key in u-boot device tree > - add script gen_pre_load_header.sh > v2: > - move the code to image-pre-load > - add support of stage pre-load for spl > - add support of stage pre-load on spl_ram > > Philippe Reynes (8): > lib: allow to build asn1 decoder and oid registry in SPL > lib: crypto: allow to build crypyo in SPL > lib: rsa: allow rsa verify with pkey in SPL > boot: image: add a stage pre-load > cmd: bootm: add a stage pre-load > common: spl: fit_ram: allow to use image pre load > mkimage: add public key for image pre-load stage > tools: gen_pre_load_header.sh: initial import > > boot/Kconfig | 33 ++++ > boot/Makefile | 1 + > boot/bootm.c | 33 ++++ > boot/image-pre-load.c | 291 +++++++++++++++++++++++++++++++++++ > cmd/Kconfig | 10 ++ > cmd/bootm.c | 2 +- > common/spl/spl_ram.c | 21 ++- > include/image.h | 25 +++ > lib/Kconfig | 6 + > lib/Makefile | 9 +- > lib/crypto/Kconfig | 15 ++ > lib/crypto/Makefile | 19 ++- > lib/rsa/Kconfig | 8 + > tools/fit_image.c | 3 + > tools/gen_pre_load_header.sh | 174 +++++++++++++++++++++ > tools/image-host.c | 116 ++++++++++++++ > 16 files changed, 755 insertions(+), 11 deletions(-) > create mode 100644 boot/image-pre-load.c > create mode 100755 tools/gen_pre_load_header.sh
Two main comments: - Should use binman to add the header...or mkimage? - Need to add a test, e.g. for sandbox_spl Regards, Simon