On 4/26/24 6:00 PM, Tom Rini wrote:
On Fri, Apr 26, 2024 at 08:56:29AM -0700, Tim Harvey wrote:
On Fri, Apr 26, 2024 at 8:51 AM Tom Rini <tr...@konsulko.com> wrote:
On Fri, Apr 26, 2024 at 08:30:23AM -0700, Tim Harvey wrote:
On Thu, Apr 25, 2024 at 4:07 PM Marek Vasut <ma...@denx.de> wrote:
Update documentation and use nxp_imx8mcst binman etype for signing
of flash.bin instead of previous horrible shell scripting.
Hi Marek,
To be completely fair we are just replacing a shell script and
template file with a python script
(tools/binman/etype/nxp_imx8mcst.py) which also creates the template
file.
I could care less about shell vs python but do put huge value in the
idea of making signing easier and doing so without modification of
U-Boot code. The current implementation requires a couple of things to
be enabled in defconfig which can be done with a seperate
'out-of-tree' defconfig but this new proposed implementation requires
changing a u-boot.dtsi which is a tracked file.
A counter-point is that with using binman for signing we start
eliminating differences between different semiconductors on how to get
something signed.
Hi Tom,
I agree... I'm a huge fan of binman. I just don't want to replace
current constructs that use env and/or config items on a clean code
directory with replacements that require code diffs to do the same.
I'm simply wanting to wrap binman sections with Kconfig items. Is
there a way to use environment variables within binman sections (ie to
wrap sections or override filenames)?
I'm honestly not sure if everyone is happy just yet with how integration
and support for production use cases of signing features is integrated
with binman just yet.
I am sort-of on the fence with the Kconfig option, I did consider it
before sending this patch, because we already have #ifdef ...IMX_HAB in
that .dtsi file, but we would need new Kconfig option for this and the
binman node is starting to be cluttered with ifdeffery.
The other option would be to add a wrapper section around both the SPL
and FIT nodes, and for signing the type= of the section could be
overridden to nxp_mx8mcst , that would work too, but that impact all the
non-signing users.
So ... thoughts ?
