From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Masahiro Yamada <masahiroy@kernel.org>,
Chen-Yu Tsai <wenst@chromium.org>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>,
Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
Simon Glass <sjg@chromium.org>,
linux-arm-kernel@lists.infradead.org,
U-Boot Mailing List <u-boot@lists.denx.de>,
Nicolas Schier <nicolas@fjasle.eu>, Tom Rini <trini@konsulko.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Jonathan Corbet <corbet@lwn.net>,
Nathan Chancellor <nathan@kernel.org>,
Nick Terrell <terrelln@fb.com>, Will Deacon <will@kernel.org>,
linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org,
linux-kernel@vger.kernel.org, workflows@vger.kernel.org
Subject: Re: [PATCH v9 2/2] arm64: boot: Support Flat Image Tree
Date: Tue, 2 Jan 2024 16:53:09 +0100 [thread overview]
Message-ID: <cfb9c01a-7af6-42ff-9056-e64c8c29bfdb@pengutronix.de> (raw)
In-Reply-To: <CAK7LNAR7Fm-1yaZmyH78vG5yNbbW2Avjj5F63u+aST6JQoMd5A@mail.gmail.com>
Hello Yamada-san,
On 14.12.23 08:33, Masahiro Yamada wrote:
>> The FIT spec allows the "fdt" property to list
>> multiple image nodes.
>>
>>
>> o config-1
>> |- description = "configuration description"
>> |- kernel = "kernel sub-node unit name"
>> |- fdt = "fdt sub-node unit-name" [, "fdt overlay sub-node unit-name", ...]
>> |- loadables = "loadables sub-node unit-name"
>> |- script = "
>> |- compatible = "vendor
>
>
>
>
>
> This is a question for U-Boot (and barebox).
>
>
>
>
> images {
> base {
> ...
> };
>
> addon1 {
> ...
> };
>
> addon2 {
> ...
> };
> };
>
> configurations {
> ...
> fdt = "base", "addon1", "addon2";
> };
>
>
>
>
> Is U-Boot's "bootm" command able to dynamically construct
> the full DTB from "base" + "addon1" + "addon2"
> and pass to the kernel?
barebox can apply overlays to the DT, but doesn't do so yet from
the extra entries in configuration fdt properties.
This should be straight-forward to add though, if the need arises.
> Is U-Boot able to handle FIT (includes kernel + DTs)
> and a separate initrd?
>
> # bootm <fit-address>:<conf-name> <ramdisk-address>
This is possible in barebox, provided that the FIT image doesn't
already have a ramdisk and that CONFIG_BOOTM_FORCE_SIGNED_IMAGES=n:
bootm -r /mnt/nfs/ramdisk.gz /mnt/nfs/image.fit
(Or the equivalent variables if not wanting to use the shell.)
> Presumably, it would be difficult to inject initramdisk
> into image.fit later, so I am hoping bootm would work like that,
> but I did not delve into U-Boot code.
>
>
>
> If it works, is it possible to verify the integrity of initrd?
> The kernel and DTs inside FIT will be verified, but not sure
> if it is possible for ramdisk.
If one wants to preclude mix & match attacks, the configuration needs
to be verified fully, so if signing is required, it's probably better to
amend the FIT later on with the new configuration instead of signing
the initrd separately and combining them at runtime.
Cheers,
Ahmad
>
>
>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2024-01-02 15:53 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-02 3:54 [PATCH v9 0/2] arm64: Add a build target for Flat Image Tree Simon Glass
2023-12-02 3:54 ` [PATCH v9 2/2] arm64: boot: Support " Simon Glass
2023-12-03 15:34 ` Laurent Pinchart
2023-12-04 17:59 ` Simon Glass
2023-12-07 14:27 ` Chen-Yu Tsai
2023-12-07 14:38 ` Laurent Pinchart
2023-12-07 20:52 ` Simon Glass
2023-12-07 21:30 ` Laurent Pinchart
2023-12-09 13:13 ` Chen-Yu Tsai
2023-12-09 15:29 ` Laurent Pinchart
2023-12-09 16:31 ` Geert Uytterhoeven
2023-12-14 4:02 ` Chen-Yu Tsai
2023-12-14 6:12 ` Masahiro Yamada
2023-12-14 7:33 ` Masahiro Yamada
2023-12-29 6:38 ` Simon Glass
2024-01-02 3:19 ` Chen-Yu Tsai
2024-01-09 13:47 ` Masahiro Yamada
2024-01-10 3:47 ` Chen-Yu Tsai
2024-01-02 15:53 ` Ahmad Fatoum [this message]
2024-01-09 14:33 ` Rasmus Villemoes
2023-12-14 7:57 ` Geert Uytterhoeven
2023-12-14 12:48 ` Tom Rini
2023-12-05 11:48 ` Ahmad Fatoum
2023-12-06 3:54 ` Simon Glass
2023-12-08 11:49 ` Nicolas Schier
2023-12-13 12:13 ` Will Deacon
2024-01-02 23:46 ` Simon Glass
2024-01-09 14:01 ` Masahiro Yamada
2024-01-09 14:33 ` Tom Rini
2024-01-17 13:14 ` Simon Glass
2024-01-25 16:03 ` Simon Glass
2024-01-30 9:16 ` Masahiro Yamada
2024-01-31 22:02 ` Rob Herring
2024-02-01 2:08 ` Masahiro Yamada
2024-02-01 21:03 ` Rob Herring
2024-02-02 5:37 ` Masahiro Yamada
2024-02-02 16:00 ` Simon Glass
2024-02-02 16:00 ` Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cfb9c01a-7af6-42ff-9056-e64c8c29bfdb@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=geert@linux-m68k.org \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=nathan@kernel.org \
--cc=nicolas@fjasle.eu \
--cc=sjg@chromium.org \
--cc=terrelln@fb.com \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=wenst@chromium.org \
--cc=will@kernel.org \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).