From: Lukas Funke <lukas.fu...@weidmueller.com>
This series adds two etypes to create a verified boot chain for Xilinx ZynqMP devices. The first etype 'xilinx_fsbl_auth' is used to create a bootable, signed image for ZynqMP boards using the Xilinx Bootgen tool. The second etype 'u_boot_spl_pubkey_dtb' is used to add a '/signature' node to the SPL. The public key in the signature is read from a certificate file and added using the 'fdt_add_pubkey' tool. The series also contains the corresponding btool for calling 'bootgen' and 'fdt_add_pubkey' The following block shows an example on how to use this functionality: spl { filename = "boot.signed.bin"; xilinx_fsbl_auth { psk-filename = "psk0.pem"; ssk-filename = "ssk0.pem"; auth-params = "ppk_select=0", "spk_id=0x00000000"; u_boot_spl_nodtb { }; u_boot_spl_pubkey_dtb { algo = "sha384,rsa4096"; required = "conf"; key-name = "dev"; }; }; }; Lukas Funke (12): binman: elf: Check for ELF_TOOLS availability and remove extra semicolon binman: mkimage: Remove extra colon binman: Don't decompress data while signing binman: blob_dtb: Add fake_size argument to ObtainContents() binman: doc: Add documentation for fdt_add_pubkey bintool binman: ftest: Add test for u_boot_spl_pubkey_dtb binman: btool: Add fdt_add_pubkey as btool binman: etype: Add u_boot_spl_pubkey_dtb etype binman: doc: Add documentation for Xilinx Bootgen bintool binman: btool: Add Xilinx Bootgen btool binman: ftest: Add test for xilinx_fsbl_auth etype binman: etype: Add xilinx_fsbl_auth etype tools/binman/bintools.rst | 22 +++ tools/binman/btool/bootgen.py | 82 +++++++++ tools/binman/btool/fdt_add_pubkey.py | 67 +++++++ tools/binman/control.py | 2 +- tools/binman/elf.py | 10 +- tools/binman/etype/blob_dtb.py | 2 +- tools/binman/etype/mkimage.py | 2 +- tools/binman/etype/u_boot_spl_pubkey_dtb.py | 105 +++++++++++ tools/binman/etype/xilinx_fsbl_auth.py | 186 ++++++++++++++++++++ tools/binman/ftest.py | 42 ++++- tools/binman/test/280_xilinx_fsb_auth.dts | 22 +++ tools/binman/test/281_spl_pubkey_dtb.dts | 16 ++ 12 files changed, 550 insertions(+), 8 deletions(-) create mode 100644 tools/binman/btool/bootgen.py create mode 100644 tools/binman/btool/fdt_add_pubkey.py create mode 100644 tools/binman/etype/u_boot_spl_pubkey_dtb.py create mode 100644 tools/binman/etype/xilinx_fsbl_auth.py create mode 100644 tools/binman/test/280_xilinx_fsb_auth.dts create mode 100644 tools/binman/test/281_spl_pubkey_dtb.dts -- 2.30.2