Git Repo - u-boot.git/commit

author	Ye Li <[email protected]>
	Sat, 17 Nov 2018 09:10:25 +0000 (09:10 +0000)
committer	Stefano Babic <[email protected]>
	Tue, 1 Jan 2019 13:12:18 +0000 (14:12 +0100)
commit	e246bfcfe250fda67fdf0d64f09a426e486a3acf
tree	bd4e9e0886818f918b6e968577c6306fae3545ff	tree \| snapshot
parent	68e7410fa22eabaa98efc03f7745b1adf86e7b28	commit \| diff

SPL: Add HAB image authentication to FIT

Introduce two board level callback functions to FIT image loading process, and
a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.

Implement functions in imx common SPL codes to call HAB funtion
to authenticate the FIT image. Generally, we have to sign multiple regions
in FIT image:
1. Sign FIT FDT data (configuration)
2. Sign FIT external data (Sub-images)

Because the CSF supports to sign multiple memory blocks, so that we can use one
signature to cover all regions in FIT image and only authenticate once.
The authentication should be done after the entire FIT image is loaded into
memory including all sub-images.
We use "-p" option to generate FIT image to reserve a space for FIT IVT
and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
ATF, u-boot DTB).

The signed FIT image layout is as below:
--------------------------------------------------
|     |     |     |   |           |     |        |
| FIT | FIT | FIT |   | U-BOOT    | ATF | U-BOOT |
| FDT | IVT | CSF |   | nodtb.bin |     |   DTB  |
|     |     |     |   |           |     |        |
--------------------------------------------------

Signed-off-by: Ye Li <[email protected]>
Reviewed-by: Peng Fan <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Signed-off-by: Peng Fan <[email protected]>

arch/arm/mach-imx/spl.c		diff \| blob \| blame \| history
common/spl/spl_fit.c		diff \| blob \| blame \| history
include/spl.h		diff \| blob \| blame \| history