[PATCH 3/3] bootm: add initial FIT support

Marc Kleine-Budde mkl at pengutronix.de
Tue Jan 5 03:54:57 PST 2016

On 01/05/2016 11:40 AM, Yegor Yefremov wrote:
> On Tue, Jan 5, 2016 at 11:32 AM, Marc Kleine-Budde <mkl at pengutronix.de> wrote:
>> On 01/05/2016 11:28 AM, Yegor Yefremov wrote:
>>> Hi Marc,
>>> thanks for reposting the patches.
>>> On Tue, Jan 5, 2016 at 9:11 AM, Marc Kleine-Budde <mkl at pengutronix.de> wrote:
>>>> From: Jan Luebbe <jlu at pengutronix.de>
>>>> This implementation is inspired by U-Boot's FIT support. Instead of
>>>> using libfdt (which does not exist in barebox), configuration signatures
>>>> are verified by using a simplified DT parser based on barebox's own
>>>> code.
>>>> Currently, only signed configurations with hashed images are supported,
>>>> as the other variants are less useful for verified boot. Compatible FIT
>>>> images can be created using U-Boot's mkimage tool.
>>> What about unsigned images?
>> That's not our use case. We use plain zImages instead.
> The solution would be to introduce an option like in U-Boot?
> This option enables signature verification of FIT uImages,
> using a hash signed and verified using RSA. If
> CONFIG_SHA_PROG_HW_ACCEL is defined, i.e support for progressive
> hashing is available using hardware, RSA library will use it.
> See doc/uImage.FIT/signature.txt for more details.

Technically possible, but I'm not sure what are the benefits of using
fit images, if you don't need signatures. barebox implements
freedesktop.org's bootspec and this is IMHO the way to go.

>>> I also get: unsupported algo crc32
>>> Is it intended to be supported?
>> Not for our usecase - feel free to add crc32 support.
> OK.
> But what about FIT configuration selection syntax?

What's this?


Pengutronix e.K.                  | Marc Kleine-Budde           |
Industrial Linux Solutions        | Phone: +49-231-2826-924     |
Vertretung West/Dortmund          | Fax:   +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686  | http://www.pengutronix.de   |

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/barebox/attachments/20160105/7363b180/attachment.sig>

More information about the barebox mailing list