On 06.02.25 18:07, Tom Rini wrote:
On Thu, Feb 06, 2025 at 11:41:14AM +0100, Daniel Schultz wrote:
Hi,
On 05.02.25 15:51, Tom Rini wrote:
On Wed, Feb 05, 2025 at 12:01:36AM -0800, Daniel Schultz wrote:
This patch series adds support to boot PHYTEC's reference distros for
RAUC and Secure Boot.
It adds a new Kconfig entry to embed the RAUC boot logic into the K3 MMC
boot logic. The boot flow itself got extended to run the raucinit function.
It also adds Kconfig entries to pass private keys from an external location
to U-Boot to sign bootloader images. An additional config entries allows to
enable FIT image, because our Secure Boot implementation uses fitimages
instead of normal images.
First, does CI pass with this series? Second, is this also based on the
RAUC support to bootstd series? Thanks.
I just ran the CI tests and they pass:
https://github.com/u-boot/u-boot/pull/739
Thanks. I was concerned that with keys and such we might run in to a
failure to build in CI.
This is what we have for quite some time to boot RAUC or Secure Boot with
our downstream U-Boot. It's not really nice but working... Martin started to
work on bootstd implementation after we implemented that. Our plan is get
the current boot flow upstream and switch completely to bootstd later this
year. Afterwards, we would mark the current boot flow as legacy.
How challenging for your plans would it be to not upstream the legacy
path here and just build on the bootstd method entirely? I can certainly
see why you need to support the legacy model commercially but if we can
avoid adding it and intending to replace it in the community that would
make a lower burden here long term. Thanks!
Sure, we can keep the current boot flow on our downstream U-Boot for now
and will add bootstd later here.
However, there are some patches in this series which are require to sign
images, device-trees, etc with external keys. I will send a v2 and drop
all boot flow related patches.
- Daniel
