From: Jamin Lin <jamin_lin@aspeedtech.com>
To: <docs@lists.yoctoproject.org>
Cc: <troy_lee@aspeedtech.com>, <jamin_lin@aspeedtech.com>
Subject: [PATCH v2] ref-manual: uboot-sign: Add how to enable ATF, TEE and User defined snippet ITS for U-Boot FIT image
Date: Tue, 4 Mar 2025 16:38:42 +0800
Message-ID: <20250304083842.2828763-1-jamin_lin@aspeedtech.com>
Add how to enable ATF, TEE and User defined ITS for U-Boot FIT image generation.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
---
documentation/ref-manual/classes.rst | 8 +++
documentation/ref-manual/variables.rst | 72 ++++++++++++++++++++++++++
2 files changed, 80 insertions(+)
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index b93279ff6..d1669ed87 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -3401,6 +3401,14 @@ The variables used by this class are:
- :term:`UBOOT_FITIMAGE_ENABLE`: enable the generation of a U-Boot FIT image.
- :term:`UBOOT_MKIMAGE_DTCOPTS`: DTC options for U-Boot ``mkimage`` when
rebuilding the FIT image containing the kernel.
+- :term:`UBOOT_FIT_ARM_TRUSTED_FIRMWARE`: enable the ARM Trusted Firmware (ATF) image.
+- :term:`UBOOT_FIT_ARM_TRUSTED_FIRMWARE_IMAGE`: specifie the path to the ATF image.
+- :term:`UBOOT_FIT_TEE`: enable the Trusted Execution Environment (TEE) image.
+- :term:`UBOOT_FIT_TEE_IMAGE`: specifie the path to the TEE image.
+- :term:`UBOOT_FIT_USER_SETTINGS`: add a user-specific snippet to the ITS. Users can
+ include their custom ITS snippet in this variable.
+- :term:`UBOOT_FIT_CONF_USER_LOADABLES`: adds a user-defined image to the loadable
+ property of the configuration node. It should be a comma-separated list of strings.
See U-Boot's documentation for details about `verified boot
<https://source.denx.de/u-boot/u-boot/-/blob/master/doc/uImage.FIT/verified-boot.txt>`__
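Review bot: "specifie" in the UBOOT_FIT_ARM_TRUSTED_FIRMWARE_IMAGE and UBOOT_FIT_TEE_IMAGE items is a typo, and the new items mix imperative ("enable", "add") with third person ("adds"). The existing UBOOT_FITIMAGE_ENABLE item uses the imperative, so "specify the path to ..." and "add a user-defined image ..." would match. Because this list belongs to the uboot-sign class and sits directly above the verified boot link, it would also help to say here whether the ATF, TEE and user-defined images are hashed and signed like the other images in the FIT, or to point to where that is described.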
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 60984cc8f..dbbaac56d 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -9884,6 +9884,78 @@ system and gives an overview of their function and contents.
See the :ref:`ref-classes-uboot-sign` class for details.
+ :term:`UBOOT_FIT_ARM_TRUSTED_FIRMWARE`
+ ARM Trusted Firmware (ATF) is a reference implementation of secure world
+ software for Arm A-Profile architectures (Armv8-A and Armv7-A), including
+ an Exception Level 3 (EL3) Secure Monitor. This variable enables the
+ generation of a U-Boot FIT image with an ATF image.
+
+ Its default value is "0", so set it to "1" to enable this functionality::
+
+ UBOOT_FIT_ARM_TRUSTED_FIRMWARE = "1"
+
+ :term:`UBOOT_FIT_ARM_TRUSTED_FIRMWARE_IMAGE`
+ Specifies the path to the ATF image. Its default value is "bl31.bin"
+
+ UBOOT_FIT_ARM_TRUSTED_FIRMWARE_IMAGE ?= "bl31.bin"
+
+ :term:`UBOOT_FIT_TEE`
+ A Trusted Execution Environment (TEE) is a secure environment for executing
+ code, ensuring high levels of trust in asset management within the
+ surrounding system. This variable enables the generation of a U-Boot FIT
+ image with a TEE image.
+
+ Its default value is "0", so set it to "1" to enable this functionality::
+
+ UBOOT_FIT_TEE = "1"
+
+ :term:`UBOOT_FIT_TEE_IMAGE`
+ Specifies the path to the TEE image. Its default value is "tee-raw.bin"::
+
+ UBOOT_FIT_TEE_IMAGE ?= "tee-raw.bin"
+
+ :term:`UBOOT_FIT_USER_SETTINGS`
+ Add a user-specific snippet to the ITS. Users can include their custom ITS
+ snippet in this variable.
+
+ Ex::
+
+ UBOOT_FIT_FWA_ITS = '\
+ fwa {\n\
+ description = \"FW A\";\n\
+ data = /incbin/(\"fwa.bin\");\n\
+ type = \"fwtype\";\n\
+ arch = \"fwarch\";\n\
+ os = \"fwos\";\n\
+ load = <0xb2000000>;\n\
+ entry = <0xb2000000>;\n\
+ compression = \"none\";\n\
+ };\n\
+ '
+
+ UBOOT_FIT_USER_SETTINGS = "${UBOOT_FIT_FWA_ITS}"
+
+ The generated Image Tree Source (ITS):
+
+ fwa {
+ description = "FW A";
+ data = /incbin/("fwa.bin");
+ type = "fwtype";
+ arch = "fwarch";
+ os = "fwos";
+ load = <0xb2000000>;
+ entry = <0xb2000000>;
+ compression = "none";
+ };
+
+ :term:`UBOOT_FIT_CONF_USER_LOADABLES`
+ Adds a user-defined image to the loadable property of the configuration node.
+ It should be a comma-separated list of strings.
+
+ Ex::
+
+ UBOOT_FIT_CONF_USER_LOADABLES = '\"fwa\", \"fwb\"'
+
:term:`UBOOT_LOADADDRESS`
Specifies the load address for the U-Boot image. During U-Boot image
creation, the :term:`UBOOT_LOADADDRESS` variable is passed as a
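Review bot: The UBOOT_FIT_ARM_TRUSTED_FIRMWARE_IMAGE entry ends its sentence with "bl31.bin" and no "::", so the assignment under it will not render as a literal block; "The generated Image Tree Source (ITS):" has the same problem with its single colon. Use "::" in both places, as the UBOOT_FIT_TEE_IMAGE entry does. The example fwa node and the generated ITS show no hash or signature subnode, so the UBOOT_FIT_USER_SETTINGS text should state whether the class adds those for user-defined images or whether the user must put them in the snippet, since that decides whether such an image is covered by verified boot. "Ex::" would read better as "For example::", and UBOOT_FIT_CONF_USER_LOADABLES could say that the names must match nodes defined through UBOOT_FIT_USER_SETTINGS, if that is the case.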
--
2.34.1