Hi Heinrich, On Sun, May 02, 2021 at 07:55:09PM +0200, Heinrich Schuchardt wrote: > Dear all, > > in the DTE meetings we have been discussing how we should add signatures > to device-trees. > > Due to the way how libfdt adds properties the sanest place to add > metadata is before the memory reservation block. I have tested this with > the U-Boot->GRUB->Linux boot sequence. > > See my slides at > > https://github.com/xypron/dte/blob/master/DTE%20-%20Adding%20Metadata.pdf > > and the test program I used > > https://github.com/xypron/dte/blob/master/src/add_metadata_area.c > Thanks for putting together the proposal and I've read the slides and the program so I think I understand what you're trying to do (creating a gap 'DELTA' to make room for some meta data). However, just so I understand this correctly, can you please elaborate a bit on how the meta data would look like? And give an example how it would be used? Are signatures supposed to be verified the first time the DTB is being brought into memory? Or is it meant to be a more dynamic approach? (I believe it's the former you're proposing).
Related, I've been involved in PoC with a student where he did DT-verification of (sub-)nodes, in Linux kernel. PoC was based on the ideas from U-Boot's FIT signature verification. It has some rough corners (and would need a bit more tooling), but it captures the overall idea. I think that is a bit different to what you're proposing (this is probably more related to what I refer to when saying a more dynamic approach). [1] https://github.com/marianomarciello/Device_Tree_Verification/blob/e0b2fc989acb00aa73b62d03409a210631deae43/report.pdf > In the next DTE meetings we could discuss drafting a specification > change for this. > I'm interested in this. // Regards Joakim _______________________________________________ boot-architecture mailing list boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture
