From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 17FA0C64991
	for <u-boot@archiver.kernel.org>; Thu,  1 Sep 2022 05:55:09 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id BD519848FB;
	Thu,  1 Sep 2022 07:55:07 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=intel.com header.i=@intel.com header.b="JDYozAcU";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id D386C84895; Thu,  1 Sep 2022 07:55:05 +0200 (CEST)
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 8A7348482E
 for <u-boot@lists.denx.de>; Thu,  1 Sep 2022 07:55:02 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: phobos.denx.de;
 spf=none smtp.mailfrom=jitloonl@ecsmtp.png.intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1662011702; x=1693547702;
 h=from:to:cc:subject:date:message-id:mime-version:
 content-transfer-encoding;
 bh=P09EPn98iN/Ry8vOlrztHXGCZDMMwfIHtuJd4oy21Is=;
 b=JDYozAcUzTql0vJNEjVJkLMt+NQ7Q2Y/LkO4TqZ8gKosmpJOxlfDT+IM
 t1jh7keGJlNhJEBX6KUbVnz3v2iM/t1WhVgIZphg4xK3/p2jfo/2aC3/C
 YXmrWD7ZB8axK/QwaIVWHcSfYtQ9YbPahkvSGfyfCB4rkg7XhjDw5jFFQ
 r4kPbN4iSed9/U4jXQCbGCqVb+jWdAZuixJ1g17F9UAzJCLxQxmlMtOrO
 YfSNUGq1zKIx8T1SoeDB13xB4J46DPQclpdwSwU5Dd4iL0NBXTAMH2DzQ
 hi2qRo5q4JX2vw5T7HSnBrcbVon7O+7qJsaMp1NrSf/CtzxtN6qadH334 Q==;
X-IronPort-AV: E=McAfee;i="6500,9779,10456"; a="275372087"
X-IronPort-AV: E=Sophos;i="5.93,280,1654585200"; d="scan'208";a="275372087"
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 31 Aug 2022 22:55:00 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.93,280,1654585200"; d="scan'208";a="754684103"
Received: from pglmail07.png.intel.com ([10.221.193.207])
 by fmsmga001.fm.intel.com with ESMTP; 31 Aug 2022 22:54:56 -0700
Received: from localhost (pgli0117.png.intel.com [10.221.240.80])
 by pglmail07.png.intel.com (Postfix) with ESMTP id F09EA32E3;
 Thu,  1 Sep 2022 13:54:55 +0800 (+08)
Received: by localhost (Postfix, from userid 12048045)
 id EC8EF3D21; Thu,  1 Sep 2022 13:54:55 +0800 (+08)
From: Jit Loon Lim <jit.loon.lim@intel.com>
To: u-boot@lists.denx.de
Cc: Jagan Teki <jagan@amarulasolutions.com>,
 Vignesh R <vigneshr@ti.com>, Marek <marex@denx.de>,
 Simon <simon.k.r.goldschmidt@gmail.com>,
 Tien Fong <tien.fong.chee@intel.com>, Kok Kiang <kok.kiang.hea@intel.com>,
 Siew Chin <elly.siew.chin.lim@intel.com>,
 Sin Hui <sin.hui.kho@intel.com>, Raaj <raaj.lokanathan@intel.com>,
 Dinesh <dinesh.maniyam@intel.com>, Boon Khai <boon.khai.ng@intel.com>,
 Alif <alif.zakuan.yuslaimi@intel.com>,
 Teik Heng <teik.heng.chong@intel.com>,
 Hazim <muhammad.hazim.izzat.zamri@intel.com>,
 Sieu Mun Tang <sieu.mun.tang@intel.com>,
 Jit Loon Lim <jit.loon.lim@intel.com>,
 "Ooi, Joyce" <joyce.ooi@intel.com>, Ooi@ecsmtp.png.intel.com
Subject: [PATCH] HSD #2205749969: board: altera: Add fitImage to support S10
 secure boot for both U-Boot and kernel
Date: Thu,  1 Sep 2022 13:54:54 +0800
Message-Id: <20220901055454.27774-1-jit.loon.lim@intel.com>
X-Mailer: git-send-email 2.26.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

From: "Ooi, Joyce" <joyce.ooi@intel.com>

FitImage files are added to load Linux kernel image and U-boot
image for Stratix10 Secure Boot.

Signed-off-by: Ooi, Joyce <joyce.ooi@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
---
 .../stratix10-socdk/its/kernel-sign.its       | 51 +++++++++++++++++++
 .../altera/stratix10-socdk/its/uboot-sign.its | 41 +++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 board/altera/stratix10-socdk/its/kernel-sign.its
 create mode 100644 board/altera/stratix10-socdk/its/uboot-sign.its

diff --git a/board/altera/stratix10-socdk/its/kernel-sign.its b/board/altera/stratix10-socdk/its/kernel-sign.its
new file mode 100644
index 0000000000..5136365b99
--- /dev/null
+++ b/board/altera/stratix10-socdk/its/kernel-sign.its
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2019 Intel Corporation. All rights reserved
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ */
+
+/dts-v1/;
+
+/ {
+	description = "Linux kernel image with FDT blob";
+	#address-cells = <1>;
+
+	images {
+		kernel {
+			description = "Linux Kernel";
+			data = /incbin/("Image");
+			type = "kernel";
+			arch = "arm64";
+			os = "linux";
+			compression = "none";
+			load = <0x2080000>;
+			entry = <0x2080000>;
+			hash {
+				algo = "sha256";
+			};
+		};
+		fdt {
+			description = "Linux DTB";
+			data = /incbin/("socfpga_stratix10_socdk.dtb");
+			type = "flat_dt";
+			arch = "arm64";
+			compression = "none";
+			hash {
+				algo = "sha256";
+			};
+		};
+	};
+	configurations {
+		default = "conf";
+		conf {
+			description = "Linux boot configuration";
+			kernel = "kernel";
+			fdt = "fdt";
+			signature {
+				algo = "sha256,rsa4096";
+				key-name-hint = "dev";
+				sign-images = "fdt", "kernel";
+			};
+		};
+	};
+};
diff --git a/board/altera/stratix10-socdk/its/uboot-sign.its b/board/altera/stratix10-socdk/its/uboot-sign.its
new file mode 100644
index 0000000000..611bb980f9
--- /dev/null
+++ b/board/altera/stratix10-socdk/its/uboot-sign.its
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2019 Intel Corporation. All rights reserved
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ */
+
+/dts-v1/;
+
+/ {
+	description = "Authenticator";
+	#address-cells = <1>;
+
+	images {
+		standalone {
+			description = "Authenticator binary";
+			data = /incbin/("../../../../u-boot-dtb.bin");
+			type = "standalone";
+			arch = "arm64";
+			compression = "none";
+			load = <0x1000>;
+			entry = <0x1000>;
+			os = "u-boot";
+			hash {
+				algo = "sha256";
+			};
+		};
+	};
+
+	configurations {
+		default = "conf";
+		conf {
+			description = "Authenticator fitImage";
+			standalone = "standalone";
+			signature {
+				algo = "sha256,rsa4096";
+				key-name-hint = "dev";
+				sign-images = "standalone";
+			};
+		};
+	};
+};
-- 
2.26.2