From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Rini Date: Mon, 25 Jul 2016 22:32:01 -0400 Subject: [U-Boot] [U-Boot, v2] common: fit: Allow U-Boot images to be booted In-Reply-To: <20160720063250.19532-1-mario.six@gdsys.cc> References: <20160720063250.19532-1-mario.six@gdsys.cc> Message-ID: <20160726023201.GD14698@bill-the-cat> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Wed, Jul 20, 2016 at 08:32:50AM +0200, mario.six at gdsys.cc wrote: > In certain circumstances it comes in handy to be able to boot into a second > U-Boot. But as of now it is not possible to boot a U-Boot binary that is inside > a FIT image, which is problematic for projects that e.g. need to guarantee a > unbroken chain of trust from SOC all the way into the OS, since the FIT signing > mechanism cannot be used. > > This patch adds the capability to load such FIT images. > > An example .its snippet (utilizing signature verification) might look > like the following: > > images { > firmware at 1 { > description = "2nd stage U-Boot image"; > data = /incbin/("u-boot-dtb.img.gz"); > type = "firmware"; > arch = "arm"; > os = "u-boot"; > compression = "gzip"; > load = <0x8FFFC0>; > entry = <0x900000>; > signature at 1 { > algo = "sha256,rsa4096"; > key-name-hint = "key"; > }; > }; > }; > > Signed-off-by: Mario Six > Reviewed-by: Tom Rini Applied to u-boot/master, thanks! -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: