From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marek Vasut Date: Tue, 21 May 2019 04:49:40 +0200 Subject: [U-Boot] [PATCH 4/6] spl: mmc: support loading i.MX container format file In-Reply-To: References: <20190507130554.4598-1-peng.fan@nxp.com> <20190507130554.4598-5-peng.fan@nxp.com> <10a2f560-a6c1-33d2-ea88-4c4d1894e5f1@gmail.com> <2ab8e478-34e6-edeb-9a2d-519ee4723143@denx.de> Message-ID: <31434bac-e22c-8623-6842-2c923cfbe5f1@denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On 5/21/19 4:31 AM, Peng Fan wrote: > Hi Marek, > >> Subject: Re: [U-Boot] [PATCH 4/6] spl: mmc: support loading i.MX container >> format file >> >> On 5/20/19 3:54 AM, Peng Fan wrote: >>> Hi Marek, >>> >>>> Subject: Re: [U-Boot] [PATCH 4/6] spl: mmc: support loading i.MX >>>> container format file >>>> >>>> On 5/20/19 3:30 AM, Peng Fan wrote: >>>>> Hi Simon, >>>>> >>>>>> Subject: Re: [PATCH 4/6] spl: mmc: support loading i.MX container >>>>>> format file >>>>>> >>>>>> Hi Peng, >>>>>> >>>>>> On Tue, 7 May 2019 at 06:52, Peng Fan wrote: >>>>>>> >>>>>>> i.MX8 only support AHAB secure boot with Container format image, >>>>>>> we could not use FIT to support secure boot, so introduce >>>>>>> container >>>>>> >>>>>> Why not FIT? >>>>> >>>>> Actually before we implement secure boot, we use FIT image, however >>>>> i.MX8 only support i.MX container format image for secure boot, The >>>>> chip will verify the container image when secure boot. It could not >>>>> recognize FIT image. So we have to drop FIT image. >>>>> >>>>>> >>>>>>> support to let SPL could load container images. >>>>>> >>>>>> What is a container image? Can you please point to documentation? >>>>> >>>>> Sadly, there is no public reference manual. There is a doc that has >>>>> a bit of information. >>>>> >>>> >> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcom >>>> m >>>>> >>>> >> unity.nxp.com%2Fdocs%2FDOC-343178&data=02%7C01%7Cpeng.fan%4 >>>> 0nxp.co >>>>> >>>> >> m%7C8626e7a1d20c44b8715408d6dcc4d866%7C686ea1d3bc2b4c6fa92cd9 >>>> 9c5c30163 >>>>> >>>> >> 5%7C0%7C0%7C636939135344595378&sdata=vmIaO78XmuL1tQJufqf7 >>>> HCGdWHTCJ >>>>> bEpmGBio15j46U%3D&reserved=0 >>>> >>>> Shouldn't it suffice for the SPL to be in this custom format , while >>>> the rest of the binaries can be in fitImage ? >>> >>> The issue is the SoC only support i.MX container format for secure >>> boot(AHAB boot), if we not use secure boot, FIT image do work and could >> work well. >>> >>> We investigated using FIT for i.MX8 secure boot, but it does not make >>> sense we did a FIT wrapper for container. Container itself is also an >>> image format, it contains image load/entry/size and etc information. >>> >>> I add a kconfig entry in SPL code, it does not hurt others if the Kconfig entry >> not chosen. >>> >>> I do not know how other SoC vendor did FIT hardware secure boot, >>> please share you have any information. >> >> The SPL can be in the custom format, but then can load fitImage with the next >> stage(s), right ? > > I am not able to follow you, could you share more details? Wrap the SPL into this custom format and then have the SPL load/authenticate fitImage with the rest (U-Boot, Linux, DTB etc). Would that work ? -- Best regards, Marek Vasut