From: Lukas Funke <lukas.fu...@weidmueller.com>
This series adds two etypes to create a verified boot chain for
Xilinx ZynqMP devices. The first etype 'xilinx_fsbl_auth' is used to
create a bootable, signed image for ZynqMP boards using the Xilinx
Bootgen tool. The second etype 'u_boot_spl_pubkey_dtb' is used to add
a '/signature' node to the SPL. The public key in the signature is read
from a certificate file and added using the 'fdt_add_pubkey' tool. The
series also contains the corresponding btool for calling 'bootgen' and
'fdt_add_pubkey'
The following block shows an example on how to use this functionality:
spl {
filename = "boot.signed.bin";
xilinx_fsbl_auth {
psk-filename = "psk0.pem";
ssk-filename = "ssk0.pem";
auth-params = "ppk_select=0", "spk_id=0x00000000";
u_boot_spl_nodtb {
};
u_boot_spl_pubkey_dtb {
algo = "sha384,rsa4096";
required = "conf";
key-name = "dev";
};
};
};
Changes in v2:
- Changed u_boot_spl_pubkey_dtb to u-boot-spl-pubkey-dtb
- Improved rst/python documentation
- Changed u_boot_spl_pubkey_dtb to u-boot-spl-pubkey-dtb in example
- Pass additional 'keysrc_enc' parameter to Bootgen
- Added more information and terms to documentation
- Fixed typo in dts name
- Add 'keysrc-enc' property to pass down to Bootgen
- Improved documentation
- Use predictable output names for intermediated results
Lukas Funke (11):
binman: elf: Check for ELF_TOOLS availability and remove extra
semicolon
binman: Don't decompress data while signing
binman: blob_dtb: Add fake_size argument to ObtainContents()
binman: doc: Add documentation for fdt_add_pubkey bintool
binman: ftest: Add test for u_boot_spl_pubkey_dtb
binman: btool: Add fdt_add_pubkey as btool
binman: etype: Add u_boot_spl_pubkey_dtb etype
binman: doc: Add documentation for Xilinx Bootgen bintool
binman: btool: Add Xilinx Bootgen btool
binman: ftest: Add test for xilinx_fsbl_auth etype
binman: etype: Add xilinx_fsbl_auth etype
tools/binman/bintools.rst | 22 ++
tools/binman/btool/bootgen.py | 136 +++++++++++++
tools/binman/btool/fdt_add_pubkey.py | 67 ++++++
tools/binman/control.py | 2 +-
tools/binman/elf.py | 10 +-
tools/binman/entries.rst | 92 +++++++++
tools/binman/etype/blob_dtb.py | 2 +-
tools/binman/etype/u_boot_spl_pubkey_dtb.py | 109 ++++++++++
tools/binman/etype/xilinx_fsbl_auth.py | 213 ++++++++++++++++++++
tools/binman/ftest.py | 42 +++-
tools/binman/test/280_xilinx_fsbl_auth.dts | 23 +++
tools/binman/test/281_spl_pubkey_dtb.dts | 16 ++
12 files changed, 727 insertions(+), 7 deletions(-)
create mode 100644 tools/binman/btool/bootgen.py
create mode 100644 tools/binman/btool/fdt_add_pubkey.py
create mode 100644 tools/binman/etype/u_boot_spl_pubkey_dtb.py
create mode 100644 tools/binman/etype/xilinx_fsbl_auth.py
create mode 100644 tools/binman/test/280_xilinx_fsbl_auth.dts
create mode 100644 tools/binman/test/281_spl_pubkey_dtb.dts
--
2.30.2
