[PATCH] HSD #2205749969: board: altera: Add fitImage to support S10 secure boot for both U-Boot and kernel

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Jit Loon Lim <jit.loon.lim@intel.com>
To: u-boot@lists.denx.de
Cc: Jagan Teki <jagan@amarulasolutions.com>,
	Vignesh R <vigneshr@ti.com>, Marek <marex@denx.de>,
	Simon <simon.k.r.goldschmidt@gmail.com>,
	Tien Fong <tien.fong.chee@intel.com>,
	Kok Kiang <kok.kiang.hea@intel.com>,
	Siew Chin <elly.siew.chin.lim@intel.com>,
	Sin Hui <sin.hui.kho@intel.com>, Raaj <raaj.lokanathan@intel.com>,
	Dinesh <dinesh.maniyam@intel.com>,
	Boon Khai <boon.khai.ng@intel.com>,
	Alif <alif.zakuan.yuslaimi@intel.com>,
	Teik Heng <teik.heng.chong@intel.com>,
	Hazim <muhammad.hazim.izzat.zamri@intel.com>,
	Sieu Mun Tang <sieu.mun.tang@intel.com>,
	Jit Loon Lim <jit.loon.lim@intel.com>,
	"Ooi, Joyce" <joyce.ooi@intel.com>,
	Ooi@ecsmtp.png.intel.com
Subject: [PATCH] HSD #2205749969: board: altera: Add fitImage to support S10 secure boot for both U-Boot and kernel
Date: Thu,  1 Sep 2022 13:54:54 +0800	[thread overview]
Message-ID: <20220901055454.27774-1-jit.loon.lim@intel.com> (raw)

From: "Ooi, Joyce" <joyce.ooi@intel.com>

FitImage files are added to load Linux kernel image and U-boot
image for Stratix10 Secure Boot.

Signed-off-by: Ooi, Joyce <joyce.ooi@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
---
 .../stratix10-socdk/its/kernel-sign.its       | 51 +++++++++++++++++++
 .../altera/stratix10-socdk/its/uboot-sign.its | 41 +++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 board/altera/stratix10-socdk/its/kernel-sign.its
 create mode 100644 board/altera/stratix10-socdk/its/uboot-sign.its

diff --git a/board/altera/stratix10-socdk/its/kernel-sign.its b/board/altera/stratix10-socdk/its/kernel-sign.its
new file mode 100644
index 0000000000..5136365b99
--- /dev/null
+++ b/board/altera/stratix10-socdk/its/kernel-sign.its
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2019 Intel Corporation. All rights reserved
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ */
+
+/dts-v1/;
+
+/ {
+	description = "Linux kernel image with FDT blob";
+	#address-cells = <1>;
+
+	images {
+		kernel {
+			description = "Linux Kernel";
+			data = /incbin/("Image");
+			type = "kernel";
+			arch = "arm64";
+			os = "linux";
+			compression = "none";
+			load = <0x2080000>;
+			entry = <0x2080000>;
+			hash {
+				algo = "sha256";
+			};
+		};
+		fdt {
+			description = "Linux DTB";
+			data = /incbin/("socfpga_stratix10_socdk.dtb");
+			type = "flat_dt";
+			arch = "arm64";
+			compression = "none";
+			hash {
+				algo = "sha256";
+			};
+		};
+	};
+	configurations {
+		default = "conf";
+		conf {
+			description = "Linux boot configuration";
+			kernel = "kernel";
+			fdt = "fdt";
+			signature {
+				algo = "sha256,rsa4096";
+				key-name-hint = "dev";
+				sign-images = "fdt", "kernel";
+			};
+		};
+	};
+};
diff --git a/board/altera/stratix10-socdk/its/uboot-sign.its b/board/altera/stratix10-socdk/its/uboot-sign.its
new file mode 100644
index 0000000000..611bb980f9
--- /dev/null
+++ b/board/altera/stratix10-socdk/its/uboot-sign.its
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2019 Intel Corporation. All rights reserved
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ */
+
+/dts-v1/;
+
+/ {
+	description = "Authenticator";
+	#address-cells = <1>;
+
+	images {
+		standalone {
+			description = "Authenticator binary";
+			data = /incbin/("../../../../u-boot-dtb.bin");
+			type = "standalone";
+			arch = "arm64";
+			compression = "none";
+			load = <0x1000>;
+			entry = <0x1000>;
+			os = "u-boot";
+			hash {
+				algo = "sha256";
+			};
+		};
+	};
+
+	configurations {
+		default = "conf";
+		conf {
+			description = "Authenticator fitImage";
+			standalone = "standalone";
+			signature {
+				algo = "sha256,rsa4096";
+				key-name-hint = "dev";
+				sign-images = "standalone";
+			};
+		};
+	};
+};
-- 
2.26.2

                 reply	other threads:[~2022-09-01  5:55 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5136365b9 dfblob:611bb980f )
 OR (
bs:"[PATCH] HSD #2205749969: board: altera: Add fitImage to support S10 secure boot for both U-Boot and kernel" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220901055454.27774-1-jit.loon.lim@intel.com \
    --to=jit.loon.lim@intel.com \
    --cc=Ooi@ecsmtp.png.intel.com \
    --cc=alif.zakuan.yuslaimi@intel.com \
    --cc=boon.khai.ng@intel.com \
    --cc=dinesh.maniyam@intel.com \
    --cc=elly.siew.chin.lim@intel.com \
    --cc=jagan@amarulasolutions.com \
    --cc=joyce.ooi@intel.com \
    --cc=kok.kiang.hea@intel.com \
    --cc=marex@denx.de \
    --cc=muhammad.hazim.izzat.zamri@intel.com \
    --cc=raaj.lokanathan@intel.com \
    --cc=sieu.mun.tang@intel.com \
    --cc=simon.k.r.goldschmidt@gmail.com \
    --cc=sin.hui.kho@intel.com \
    --cc=teik.heng.chong@intel.com \
    --cc=tien.fong.chee@intel.com \
    --cc=u-boot@lists.denx.de \
    --cc=vigneshr@ti.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox