Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in binman node of FIT image with VAB support

Thu, 07 Jan 2021 08:22:40 -0800 

Hi Siew Chin,

On Thu, 7 Jan 2021 at 07:13, Lim, Elly Siew Chin
<elly.siew.chin....@intel.com> wrote:
>
> Hi Simon,
>
> > -----Original Message-----
> > From: Simon Glass <s...@chromium.org>
> > Sent: Thursday, January 7, 2021 8:37 PM
> > To: Lim, Elly Siew Chin <elly.siew.chin....@intel.com>
> > Cc: U-Boot Mailing List <u-boot@lists.denx.de>; Marek Vasut
> > <ma...@denx.de>; Tan, Ley Foon <ley.foon....@intel.com>; See, Chin Liang
> > <chin.liang....@intel.com>; Simon Goldschmidt
> > <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong
> > <tien.fong.c...@intel.com>; Westergreen, Dalon
> > <dalon.westergr...@intel.com>; Gan, Yau Wai <yau.wai....@intel.com>
> > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in binman 
> > node
> > of FIT image with VAB support
> >
> > On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim <elly.siew.chin....@intel.com>
> > wrote:
> > >
> > > FIT image of Vendor Authentication Coot (VAB) contains signed images.
> > >
> > > Signed-off-by: Siew Chin Lim <elly.siew.chin....@intel.com>
> > > ---
> > >  arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22
> > > ++++++++++++++++++++++
> > >  1 file changed, 22 insertions(+)
> > >
> >
> > I'm not quite sure what is happening here, but consider using two separate 
> > files
> > rather than what looks like a patch over an existing one.
> >
>
> There are two boot flow will use binman (socfpga_soc64_fit-u-boot.dtsi) to 
> generate u-boot.fit and kernel.fit:
>     1. socfpga_agilex_atf_defconfig (boot via ATF)
>     2. socfpga_agilex_vab_defconfig (boot via ATF with VAB enabled, support 
> authentication on bl31, u-boot, Linux images)
>
> The binman node settings are the same for both flows. With VAB enabled, all 
> inputs file need to be signed before generate FIT image. We would like to use 
> different input file name to remind user that they need to sign all bl31, 
> u-boot, Linux images when using binman to generate FIT image.
>
> Due to the binman node settings are identical and only the file name need to 
> be different, so we prefer to share the same socfpga_soc64_fit-u-boot.dtsi 
> for both flows.

Reviewed-by: Simon Glass <s...@chromium.org>

OK I see.

Who does the signing of the inputs? Is that something binman could/should do?

Regards,
Simon

Reply via email to