From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 260D2C05027 for ; Thu, 2 Feb 2023 08:11:52 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5FCB685ECA; Thu, 2 Feb 2023 09:10:49 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=siemens.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; secure) header.d=siemens.com header.i=jan.kiszka@siemens.com header.b="DbxOhRbg"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B874D85EBE; Thu, 2 Feb 2023 09:08:57 +0100 (CET) Received: from mta-64-227.siemens.flowmailer.net (mta-64-227.siemens.flowmailer.net [185.136.64.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 385FE85EB1 for ; Thu, 2 Feb 2023 09:08:16 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=siemens.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jan.kiszka@siemens.com Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id 20230202080802e5630eb8a2c186b27e for ; Thu, 02 Feb 2023 09:08:02 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=ChtN3A1BeVPzKB1POyi4F3luL6ChoHL/UCFbpPKRbhE=; b=DbxOhRbgvJWXKGIQWGvCXtFSGKQBXiSvV1OyWjUop0Mu1Z5UgapR24ViYEEjyIGnTpCx9C pn5D98+egteK+nIAPcVwSYo/8aqGj7a816/YFGwrNC5ysdnUcaK3QFyTwWaRrDCtZbT+uC4H LJRSUDb+4YvXTrstI0MDXb9+yHwDs=; From: Jan Kiszka To: U-Boot Mailing List Subject: [PATCH V4 09/14] arm: dts: iot2050: Allow verifying U-Boot proper by SPL Date: Thu, 2 Feb 2023 09:07:54 +0100 Message-Id: <24c4ab77cb63dcc196376e0c6ead11210b7d482c.1675325279.git.jan.kiszka@siemens.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean From: Jan Kiszka Add hashes and configuration signature stubs to prepare verified boot of main U-Boot by SPL. Signed-off-by: Jan Kiszka --- arch/arm/dts/k3-am65-iot2050-boot-image.dtsi | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/arch/arm/dts/k3-am65-iot2050-boot-image.dtsi b/arch/arm/dts/k3-am65-iot2050-boot-image.dtsi index 3ee0842e993..9082a79a034 100644 --- a/arch/arm/dts/k3-am65-iot2050-boot-image.dtsi +++ b/arch/arm/dts/k3-am65-iot2050-boot-image.dtsi @@ -14,6 +14,7 @@ filename = "flash.bin"; pad-byte = <0xff>; size = <0x8c0000>; + allow-repack; blob-ext@0x000000 { offset = <0x000000>; @@ -45,6 +46,9 @@ entry = <0x80800000>; u-boot-nodtb { }; + hash { + algo = "sha256"; + }; }; @fdt-SEQ { @@ -52,6 +56,9 @@ type = "flat_dt"; arch = "arm64"; compression = "none"; + hash { + algo = "sha256"; + }; }; #ifdef CONFIG_WDT_K3_RTI_FW_FILE @@ -64,6 +71,9 @@ filename = CONFIG_WDT_K3_RTI_FW_FILE; missing-msg = "k3-rti-wdt-firmware"; }; + hash { + algo = "sha256"; + }; }; #endif }; @@ -77,10 +87,16 @@ #ifdef CONFIG_WDT_K3_RTI_FW_FILE loadables = "k3-rti-wdt-firmware"; #endif + signature { + sign-images = "firmware", "fdt", "loadables"; + }; }; }; }; + fdtmap { + }; + /* primary env */ fill@0x680000 { offset = <0x680000>; -- 2.35.3