[PATCH v2 00/11] Sign Xilinx ZynqMP SPL/FSBL boot images using binman

2023-07-06 Thread lukas . funke-oss
From: Lukas Funke This series adds two etypes to create a verified boot chain for Xilinx ZynqMP devices. The first etype 'xilinx_fsbl_auth' is used to create a bootable, signed image for ZynqMP boards using the Xilinx Bootgen tool. The second etype 'u_boot_spl_pubkey_dtb' is used to add a

[PATCH v2 03/11] binman: blob_dtb: Add fake_size argument to ObtainContents()

2023-07-06 Thread lukas . funke-oss
From: Lukas Funke The method 'connect_contents_to_file()' calls ObtainsContents() with 'fake_size' argument. Without providing the argument in the blob_dtb we are not able to call this method without error. Signed-off-by: Lukas Funke Reviewed-by: Simon Glass --- (no changes since v1)

[PATCH v2 05/11] binman: ftest: Add test for u_boot_spl_pubkey_dtb

2023-07-06 Thread lukas . funke-oss
From: Lukas Funke Add test for u_boot_spl_pubkey_dtb. The test adds a public key to the dtb and checks if the required nodes will be added to the images dtb. Signed-off-by: Lukas Funke Reviewed-by: Simon Glass --- Changes in v2: - Changed u_boot_spl_pubkey_dtb to u-boot-spl-pubkey-dtb

[PATCH v2 02/11] binman: Don't decompress data while signing

2023-07-06 Thread lukas . funke-oss
From: Lukas Funke While signing a fit, compressed data (i.e. 'blob-ext') is decompressed, but never compressed again. When compressed data was wrapped in a section, decompression leads to an error because the outer section had the original compressed size but the inner entry has the uncompressed

[PATCH v2 01/11] binman: elf: Check for ELF_TOOLS availability and remove extra semicolon

2023-07-06 Thread lukas . funke-oss
From: Lukas Funke Check if elf tools are available when running DecodeElf(). Also remove superfluous semicolon at line ending. Signed-off-by: Lukas Funke Reviewed-by: Simon Glass --- (no changes since v1) tools/binman/elf.py | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-)

[PATCH 07/12] binman: btool: Add fdt_add_pubkey as btool

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke Add btool which calls 'fdt_add_pubkey' Signed-off-by: Lukas Funke --- tools/binman/btool/fdt_add_pubkey.py | 67 1 file changed, 67 insertions(+) create mode 100644 tools/binman/btool/fdt_add_pubkey.py diff --git

[PATCH 08/12] binman: etype: Add u_boot_spl_pubkey_dtb etype

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke This adds a new etype 'u_boot_spl_pubkey_dtb'. The etype adds the public key from a certificate to the dtb. This creates a '/signature' node which in turn contains the fields which make up the public key. Usually this is done by 'mkimage -K'. However, 'binman sign' does not add

[PATCH 03/12] binman: Don't decompress data while signing

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke While signing a fit, compressed data (i.e. 'blob-ext') is decompressed, but never compressed again. When compressed data was wrapped in a section, decompression leads to an error because the outer section had the original compressed size but the inner entry has the uncompressed

[PATCH 02/12] binman: mkimage: Remove extra colon

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke Remove extra colon typo Signed-off-by: Lukas Funke --- tools/binman/etype/mkimage.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/binman/etype/mkimage.py b/tools/binman/etype/mkimage.py index e028c44070..dd734fc779 100644 ---

[PATCH 09/12] binman: doc: Add documentation for Xilinx Bootgen bintool

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke Add documentation for the 'bootgen' bintool Signed-off-by: Lukas Funke --- tools/binman/bintools.rst | 12 1 file changed, 12 insertions(+) diff --git a/tools/binman/bintools.rst b/tools/binman/bintools.rst index 88221adbe1..c8d69f7177 100644 ---

[PATCH 11/12] binman: ftest: Add test for xilinx_fsbl_auth etype

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke Add test for the 'xilinx_fsbl_auth' etype Signed-off-by: Lukas Funke --- tools/binman/ftest.py | 8 tools/binman/test/280_xilinx_fsb_auth.dts | 22 ++ 2 files changed, 30 insertions(+) create mode 100644

[PATCH 05/12] binman: doc: Add documentation for fdt_add_pubkey bintool

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke Add documentation for btool which calls 'fdt_add_pubkey' Signed-off-by: Lukas Funke --- tools/binman/bintools.rst | 10 ++ 1 file changed, 10 insertions(+) diff --git a/tools/binman/bintools.rst b/tools/binman/bintools.rst index c30e7eb9ff..88221adbe1 100644 ---

[PATCH 06/12] binman: ftest: Add test for u_boot_spl_pubkey_dtb

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke Add test for u_boot_spl_pubkey_dtb. The test adds a public key to the dtb and checks if the required nodes will be added to the images dtb. Signed-off-by: Lukas Funke --- tools/binman/ftest.py| 32

[PATCH 12/12] binman: etype: Add xilinx_fsbl_auth etype

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke This adds a new etype 'xilinx_fsbl_auth'. Using this etype it is possible to create an authenticated SPL (FSBL in Xilinx terms) for ZynqMP boards. The etype uses Xilinx Bootgen tools in order to transform the SPL into a bootable image and sign the image with a given primary

[PATCH 10/12] binman: btool: Add Xilinx Bootgen btool

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke Add the Xilinx Bootgen as bintool. Xilinx Bootgen is used to create bootable SPL (FSBL in Xilinx terms) images for Zynq/ZynqMP devices. The btool creates a signed version of the SPL. Signed-off-by: Lukas Funke --- tools/binman/btool/bootgen.py | 82

[PATCH 04/12] binman: blob_dtb: Add fake_size argument to ObtainContents()

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke The method 'connect_contents_to_file()' calls ObtainsContents() with 'fake_size' argument. Without providing the argument in the blob_dtb we are not able to call this method without error. Signed-off-by: Lukas Funke --- tools/binman/etype/blob_dtb.py | 2 +- 1 file changed,

[PATCH 00/12] Sign Xilinx ZynqMP SPL/FSBL boot images using binman

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke This series adds two etypes to create a verified boot chain for Xilinx ZynqMP devices. The first etype 'xilinx_fsbl_auth' is used to create a bootable, signed image for ZynqMP boards using the Xilinx Bootgen tool. The second etype 'u_boot_spl_pubkey_dtb' is used to add a

[PATCH 01/12] binman: elf: Check for ELF_TOOLS availability and remove extra semicolon

2023-06-29 Thread lukas . funke-oss
From: Lukas Funke Check if elf tools are available when running DecodeElf(). Also remove superfluous semicolon at line ending. Signed-off-by: Lukas Funke --- tools/binman/elf.py | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tools/binman/elf.py
