[U-Boot] [PATCH] common: image: Add support for post-processing of images

[Andreas Dannenberg <dannenberg@ti.com>]

On Fri, Jul 29, 2016 at 07:51:53AM -0600, Simon Glass wrote:
> On 27 July 2016 at 11:12, Andreas Dannenberg <dannenberg@ti.com> wrote:
> > This commit allows injecting a board/platform/device-specific post-
> > processing function into the FIT image data loading process, which can
> > include modifying the size and altering the starting source address of
> > an image data artifact. This might be desired to do things like strip
> > headers or footers attached to the images before they were packaged into
> > the FIT, or to perform operations such as decryption or authentication.
> > Introduce new configuration option CONFIG_FIT_IMAGE_POST_PROCESS to
> > allow controlling this feature. If enabled, a platform-specific post-
> > process function must be provided.
> >
> > Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
> > ---
> >
> > While not limited to this use case this commit allows for example on TI
> > high-security (HS) device variants to extend the secure boot chain to
> > Kernel, DTB, and initramfs (and anything else really that can be bundled
> > into a FIT image) by injecting calls to a TI-specific ROM API to perform
> > authentication (and optionally decryption) of blobs.
> >
> > At this stage of the boot process one is also free to use the FIT/
> > RSA/SHA-based verified boot scheme already built-into U-Boot to perform
> > authentication on TI HS devices, providing a choice between a completely
> > open solution or continuing to perform ROM-based calls (which would have
> > the added benefit of supporting decryption, amongst other reasons such
> > as faster performance due to inherent crypto accelerator usage).
> >
> > This commit works in analogy to
> > da74d1f "spl: fit: add support for post-processing of images"
> > which introduced the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option.
> >
> >
> > On a related note Andrew (on copy) will be taking over the work on this
> > patch to address any feedback there might be since my last day at TI will
> > be 07/29. I will still be monitoring the mailing list but might not be
> > able to respond in the current capacity.
> 
> Thanks for your efforts and good luck!

Thanks Simon! I very much enjoy working on U-Boot and Kernel OSS with
the greater community and hope to find ways to stay involved moving
forward beyond fiddling with my personal BeagleBone Blacks and
Raspberry Pis :)

Regards,
Andreas


> >
> > Thanks and Regards,
> > Andreas
> >
> >  Kconfig            | 14 ++++++++++++++
> >  common/image-fit.c | 26 +++++++++++++++++++++++++-
> >  2 files changed, 39 insertions(+), 1 deletion(-)
> 
> Reviewed-by: Simon Glass <sjg@chromium.org>