    MLK-16758-4 SPL: Add HAB image authentication to FIT · 078dd4ee
    Ye Li authored
    
    
    Introduce two board-level callback functions to the FIT image loading process, and
    a SPL_FIT_FOUND flag to differentiate a FIT image from a RAW image.
    
    Implement functions in the imx common SPL code to call the HAB function
    to authenticate the FIT image. Generally, we have to sign multiple regions
    in the FIT image:
    1. Sign FIT FDT data (configuration)
    2. Sign FIT external data (Sub-images)
    
    Because the CSF supports signing multiple memory blocks, we can use one
    signature to cover all regions in the FIT image and only authenticate once.
    The authentication should be done after the entire FIT image is loaded into
    memory, including all sub-images.
    We use the "-p" option when generating the FIT image to reserve space for the FIT IVT
    and FIT CSF; this also helps to fix the offset of the external data (u-boot-nodtb.bin,
    ATF, u-boot DTB).
    
    The signed FIT image layout is as below:
    --------------------------------------------------
    |     |     |     |   |           |     |        |
    | FIT | FIT | FIT |   | U-BOOT    | ATF | U-BOOT |
    | FDT | IVT | CSF |   | nodtb.bin |     |   DTB  |
    |     |     |     |   |           |     |        |
    --------------------------------------------------
    
    Signed-off-by: Ye Li <ye.li@nxp.com>
    Reviewed-by: Peng Fan <peng.fan@nxp.com>
    078dd4ee
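
The commit message relies on one CSF signature covering every region SPL loads (the FIT FDT and each sub-image). The following is an added example, not code from this commit or from U-Boot, of a build-time check that each loaded region lies inside the union of the blocks listed for signing. The names `range_covered` and `first_unsigned` are hypothetical, and all addresses and sizes are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* A contiguous range: a region SPL loaded, or a block listed in the CSF. */
struct range { uint64_t start, len; };

/* 1 if [r.start, r.start + r.len) lies inside the union of the signed blocks. */
int range_covered(struct range r, const struct range *blk, size_t n)
{
    uint64_t pos = r.start, end = r.start + r.len;
    int moved = 1;
    if (end < r.start)
        return 0;                       /* length wraps the address space */
    while (pos < end && moved) {
        moved = 0;
        for (size_t i = 0; i < n; i++) {
            uint64_t bend = blk[i].start + blk[i].len;
            if (bend < blk[i].start)
                continue;               /* malformed block, ignore it */
            if (blk[i].start <= pos && pos < bend) {
                pos = bend;             /* extend the covered prefix */
                moved = 1;
            }
        }
    }
    return pos >= end;
}

/* Index of the first loaded region with unsigned bytes, or -1 if none. */
int first_unsigned(const struct range *ld, size_t nl,
                   const struct range *blk, size_t nb)
{
    for (size_t i = 0; i < nl; i++)
        if (!range_covered(ld[i], blk, nb))
            return (int)i;
    return -1;
}

/* Constructed addresses: FIT FDT, u-boot-nodtb.bin, ATF, U-Boot DTB. */
const struct range loaded[] = { {0x40200000, 0x1000}, {0x40203000, 0x90000},
                                {0x00910000, 0xA000}, {0x40293000, 0x8000} };
/* Constructed CSF block list: FDT plus IVT, then each sub-image. */
const struct range signed_blk[] = { {0x40200000, 0x1020}, {0x40203000, 0x90000},
                                    {0x00910000, 0xA000}, {0x40293000, 0x8000} };
int main(void)
{
    printf("first unsigned region: %d\n", first_unsigned(loaded, 4, signed_blk, 4));
    return 0;
}
```

A non-negative result names the loaded region that would run without being authenticated, for example when a sub-image is added to the FIT but not to the CSF block list.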