[oe-core][RFC 0/3] u-boot: Support SPL Verified Boot
Klaus Heinrich Kiwi
klaus at linux.vnet.ibm.com
Tue Mar 16 08:59:01 AEDT 2021
On 3/15/2021 6:31 PM, Dan Zhang wrote:
> Hi Klaus,
Hi Dan,
> My suggestion is essentially to add a configuration, i.e.
> DO_UBOOT_SIGN, to allow users to only create a "signable" fit-image, but
> sign later.
>
> in the code
> + uboot_fitimage_assemble() {
> ...
> + #
> + # Sign the U-boot FIT image and add public key to SPL dtb
> + #
> if [ "x${DO_UBOOT_SIGN}" = "x1" ] ; then
> + ${UBOOT_MKIMAGE_SIGN} \
> + ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if
> len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
> + -F -k "${UBOOT_SIGN_KEYDIR}" \
> + -K "${spl_dtb}" \
> + -r ${uboot_bin} \
> + ${UBOOT_MKIMAGE_SIGN_ARGS}
> fi
> }
>
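Review bot: with DO_UBOOT_SIGN unset the whole mkimage call is skipped, including -K "${spl_dtb}", so the comment above the guard ("Sign the U-boot FIT image and add public key to SPL dtb") should state that a deferred signing step has to write the public key into the SPL dtb as well, not only sign the FIT image. Separately, ${uboot_bin} after -r is the only path argument left unquoted; quoting it like "${UBOOT_SIGN_KEYDIR}" and "${spl_dtb}" would keep the call consistent.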
Yes, thanks for the suggestion. As I said, I'm a bit hesitant since the
semantics for creating a Kernel fitImage (i.e., setting KERNEL_CLASSES
and KERNEL_IMAGETYPES) are essentially non-existent for U-Boot.

I'll work on your suggestion, but I think we should use something like:

  UBOOT_ENABLE_FITIMAGE = "1" - creates the U-Boot fitImage
  UBOOT_FITIMAGE_% - variables that control the fitImage creation
  SPL_SIGN_ENABLE = "1" - signs the U-Boot fitImage
  SPL_MKIMAGE_% - variables that control the U-Boot fitImage signing

That way I guess the variables are used in a similar way as the kernel
fitImage scenario.

Thanks!
-Klaus
--
Klaus Heinrich Kiwi <klaus at linux.vnet.ibm.com>