From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Dannenberg Date: Fri, 29 Jul 2016 09:30:57 -0500 Subject: [U-Boot] [PATCH] common: image: Add support for post-processing of images In-Reply-To: References: <1469639559-7339-1-git-send-email-dannenberg@ti.com> Message-ID: <20160729143057.GE30461@borg.dal.design.ti.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Fri, Jul 29, 2016 at 07:51:53AM -0600, Simon Glass wrote: > On 27 July 2016 at 11:12, Andreas Dannenberg wrote: > > This commit allows injecting a board/platform/device-specific post- > > processing function into the FIT image data loading process, which can > > include modifying the size and altering the starting source address of > > an image data artifact. This might be desired to do things like strip > > headers or footers attached to the images before they were packaged into > > the FIT, or to perform operations such as decryption or authentication. > > Introduce new configuration option CONFIG_FIT_IMAGE_POST_PROCESS to > > allow controlling this feature. If enabled, a platform-specific post- > > process function must be provided. > > > > Signed-off-by: Andreas Dannenberg > > --- > > > > While not limited to this use case this commit allows for example on TI > > high-security (HS) device variants to extend the secure boot chain to > > Kernel, DTB, and initramfs (and anything else really that can be bundled > > into a FIT image) by injecting calls to a TI-specific ROM API to perform > > authentication (and optionally decryption) of blobs. > > > > At this stage of the boot process one is also free to use the FIT/ > > RSA/SHA-based verified boot scheme already built-into U-Boot to perform > > authentication on TI HS devices, providing a choice between a completely > > open solution or continuing to perform ROM-based calls (which would have > > the added benefit of supporting decryption, amongst other reasons such > > as faster performance due to inherent crypto accelerator usage). > > > > This commit works in analogy to > > da74d1f "spl: fit: add support for post-processing of images" > > which introduced the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option. > > > > > > On a related note Andrew (on copy) will be taking over the work on this > > patch to address any feedback there might be since my last day at TI will > > be 07/29. I will still be monitoring the mailing list but might not be > > able to respond in the current capacity. > > Thanks for your efforts and good luck! Thanks Simon! I very much enjoy working on U-Boot and Kernel OSS with the greater community and hope to find ways to stay involved moving forward beyond fiddling with my personal BeagleBone Blacks and Raspberry Pis :) Regards, Andreas > > > > Thanks and Regards, > > Andreas > > > > Kconfig | 14 ++++++++++++++ > > common/image-fit.c | 26 +++++++++++++++++++++++++- > > 2 files changed, 39 insertions(+), 1 deletion(-) > > Reviewed-by: Simon Glass