Hi Siew Chin, On Thu, 7 Jan 2021 at 07:13, Lim, Elly Siew Chin <[email protected]> wrote: > > Hi Simon, > > > -----Original Message----- > > From: Simon Glass <[email protected]> > > Sent: Thursday, January 7, 2021 8:37 PM > > To: Lim, Elly Siew Chin <[email protected]> > > Cc: U-Boot Mailing List <[email protected]>; Marek Vasut > > <[email protected]>; Tan, Ley Foon <[email protected]>; See, Chin Liang > > <[email protected]>; Simon Goldschmidt > > <[email protected]>; Chee, Tien Fong > > <[email protected]>; Westergreen, Dalon > > <[email protected]>; Gan, Yau Wai <[email protected]> > > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in binman > > node > > of FIT image with VAB support > > > > On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim <[email protected]> > > wrote: > > > > > > FIT image of Vendor Authentication Coot (VAB) contains signed images. > > > > > > Signed-off-by: Siew Chin Lim <[email protected]> > > > --- > > > arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22 > > > ++++++++++++++++++++++ > > > 1 file changed, 22 insertions(+) > > > > > > > I'm not quite sure what is happening here, but consider using two separate > > files > > rather than what looks like a patch over an existing one. > > > > There are two boot flow will use binman (socfpga_soc64_fit-u-boot.dtsi) to > generate u-boot.fit and kernel.fit: > 1. socfpga_agilex_atf_defconfig (boot via ATF) > 2. socfpga_agilex_vab_defconfig (boot via ATF with VAB enabled, support > authentication on bl31, u-boot, Linux images) > > The binman node settings are the same for both flows. With VAB enabled, all > inputs file need to be signed before generate FIT image. We would like to use > different input file name to remind user that they need to sign all bl31, > u-boot, Linux images when using binman to generate FIT image. > > Due to the binman node settings are identical and only the file name need to > be different, so we prefer to share the same socfpga_soc64_fit-u-boot.dtsi > for both flows.
Reviewed-by: Simon Glass <[email protected]> OK I see. Who does the signing of the inputs? Is that something binman could/should do? Regards, Simon
