Re: 8e35bb07eb mkimage: Support automatic creating of a FIT without a .its
Hi Wolfgang, On Mon, 25 May 2020 at 05:38, Wolfgang Denk wrote: > > Hi Simon, > > your commit 8e35bb07eb (2016-03-14) "mkimage: Support automatic > creating of a FIT without a .its" added the "-f auto" option to > mkimage. While convenient in many situation, I had to notice that > with "-f auto" there is no checksum information included with any of > the blobs stored in the FIT image. > > I guess the rationale was that the primary use case for this was to > generate combinations of a U-Boot image with several device tree > blobs to be used / selected by the SPL, as one can see for example > in scripts/Makefile.spl : > > MKIMAGEFLAGS_$(SPL_BIN).multidtb.fit = -f auto -A $(ARCH) -T firmware -C none > -O u-boot \ > -n "Multi DTB fit image for $(SPL_BIN)" -E \ > $(patsubst %,-b %,$(SHRUNK_ARCH_DTB)) > > And - at least at that time - most implementations of the SPL did > not need/want checksum verification. > > > However I'm asking myself if this is not an unfortunate choice. > It is trivial for a not-checksum-enabled SPL to ignore any checksum > in the image, but not the other way round: if there is no checksum > in the images, the SPL will never be able to verify one. > > > Would it not be a more reasonable default for operation unter the > "-f auto" flag to enable at least simple checksumming, say by > auto-adding something like > > hash-1 { > algo = "crc32"; > }; > > to the generated descriptions? Yes it should be easy to add that. I'll take a look. Regards, Simon
8e35bb07eb mkimage: Support automatic creating of a FIT without a .its
Hi Simon, your commit 8e35bb07eb (2016-03-14) "mkimage: Support automatic creating of a FIT without a .its" added the "-f auto" option to mkimage. While convenient in many situation, I had to notice that with "-f auto" there is no checksum information included with any of the blobs stored in the FIT image. I guess the rationale was that the primary use case for this was to generate combinations of a U-Boot image with several device tree blobs to be used / selected by the SPL, as one can see for example in scripts/Makefile.spl : MKIMAGEFLAGS_$(SPL_BIN).multidtb.fit = -f auto -A $(ARCH) -T firmware -C none -O u-boot \ -n "Multi DTB fit image for $(SPL_BIN)" -E \ $(patsubst %,-b %,$(SHRUNK_ARCH_DTB)) And - at least at that time - most implementations of the SPL did not need/want checksum verification. However I'm asking myself if this is not an unfortunate choice. It is trivial for a not-checksum-enabled SPL to ignore any checksum in the image, but not the other way round: if there is no checksum in the images, the SPL will never be able to verify one. Would it not be a more reasonable default for operation unter the "-f auto" flag to enable at least simple checksumming, say by auto-adding something like hash-1 { algo = "crc32"; }; to the generated descriptions? Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de "It is better to have tried and failed than to have failed to try, but the result's the same." - Mike Dennison