Hi Siew Chin, On Thu, 7 Jan 2021 at 07:13, Lim, Elly Siew Chin <elly.siew.chin....@intel.com> wrote: > > Hi Simon, > > > -----Original Message----- > > From: Simon Glass <s...@chromium.org> > > Sent: Thursday, January 7, 2021 8:37 PM > > To: Lim, Elly Siew Chin <elly.siew.chin....@intel.com> > > Cc: U-Boot Mailing List <u-boot@lists.denx.de>; Marek Vasut > > <ma...@denx.de>; Tan, Ley Foon <ley.foon....@intel.com>; See, Chin Liang > > <chin.liang....@intel.com>; Simon Goldschmidt > > <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong > > <tien.fong.c...@intel.com>; Westergreen, Dalon > > <dalon.westergr...@intel.com>; Gan, Yau Wai <yau.wai....@intel.com> > > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in binman > > node > > of FIT image with VAB support > > > > On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim <elly.siew.chin....@intel.com> > > wrote: > > > > > > FIT image of Vendor Authentication Coot (VAB) contains signed images. > > > > > > Signed-off-by: Siew Chin Lim <elly.siew.chin....@intel.com> > > > --- > > > arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22 > > > ++++++++++++++++++++++ > > > 1 file changed, 22 insertions(+) > > > > > > > I'm not quite sure what is happening here, but consider using two separate > > files > > rather than what looks like a patch over an existing one. > > > > There are two boot flow will use binman (socfpga_soc64_fit-u-boot.dtsi) to > generate u-boot.fit and kernel.fit: > 1. socfpga_agilex_atf_defconfig (boot via ATF) > 2. socfpga_agilex_vab_defconfig (boot via ATF with VAB enabled, support > authentication on bl31, u-boot, Linux images) > > The binman node settings are the same for both flows. With VAB enabled, all > inputs file need to be signed before generate FIT image. We would like to use > different input file name to remind user that they need to sign all bl31, > u-boot, Linux images when using binman to generate FIT image. > > Due to the binman node settings are identical and only the file name need to > be different, so we prefer to share the same socfpga_soc64_fit-u-boot.dtsi > for both flows.
Reviewed-by: Simon Glass <s...@chromium.org> OK I see. Who does the signing of the inputs? Is that something binman could/should do? Regards, Simon