Hi Simon, > -----Original Message----- > From: Simon Glass <s...@chromium.org> > Sent: Friday, January 8, 2021 12:22 AM > To: Lim, Elly Siew Chin <elly.siew.chin....@intel.com> > Cc: U-Boot Mailing List <u-boot@lists.denx.de>; Marek Vasut > <ma...@denx.de>; Tan, Ley Foon <ley.foon....@intel.com>; See, Chin Liang > <chin.liang....@intel.com>; Simon Goldschmidt > <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong > <tien.fong.c...@intel.com>; Westergreen, Dalon > <dalon.westergr...@intel.com>; Gan, Yau Wai <yau.wai....@intel.com> > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in binman node > of FIT image with VAB support > > Hi Siew Chin, > > On Thu, 7 Jan 2021 at 07:13, Lim, Elly Siew Chin > <elly.siew.chin....@intel.com> > wrote: > > > > Hi Simon, > > > > > -----Original Message----- > > > From: Simon Glass <s...@chromium.org> > > > Sent: Thursday, January 7, 2021 8:37 PM > > > To: Lim, Elly Siew Chin <elly.siew.chin....@intel.com> > > > Cc: U-Boot Mailing List <u-boot@lists.denx.de>; Marek Vasut > > > <ma...@denx.de>; Tan, Ley Foon <ley.foon....@intel.com>; See, Chin > > > Liang <chin.liang....@intel.com>; Simon Goldschmidt > > > <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong > > > <tien.fong.c...@intel.com>; Westergreen, Dalon > > > <dalon.westergr...@intel.com>; Gan, Yau Wai <yau.wai....@intel.com> > > > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in > > > binman node of FIT image with VAB support > > > > > > On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim > > > <elly.siew.chin....@intel.com> > > > wrote: > > > > > > > > FIT image of Vendor Authentication Coot (VAB) contains signed images. > > > > > > > > Signed-off-by: Siew Chin Lim <elly.siew.chin....@intel.com> > > > > --- > > > > arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22 > > > > ++++++++++++++++++++++ > > > > 1 file changed, 22 insertions(+) > > > > > > > > > > I'm not quite sure what is happening here, but consider using two > > > separate files rather than what looks like a patch over an existing one. > > > > > > > There are two boot flow will use binman (socfpga_soc64_fit-u-boot.dtsi) to > generate u-boot.fit and kernel.fit: > > 1. socfpga_agilex_atf_defconfig (boot via ATF) > > 2. socfpga_agilex_vab_defconfig (boot via ATF with VAB enabled, > > support authentication on bl31, u-boot, Linux images) > > > > The binman node settings are the same for both flows. With VAB enabled, all > inputs file need to be signed before generate FIT image. We would like to use > different input file name to remind user that they need to sign all bl31, > u-boot, > Linux images when using binman to generate FIT image. > > > > Due to the binman node settings are identical and only the file name need to > be different, so we prefer to share the same socfpga_soc64_fit-u-boot.dtsi for > both flows. > > Reviewed-by: Simon Glass <s...@chromium.org> > > OK I see. > > Who does the signing of the inputs? Is that something binman could/should do?
In our case, we will provide user Intel proprietary tools to sign the image, and we have our signature format. User need to follow the steps and sign the Images, and call binman to convert into FIT image. I think maybe it is not suitable to incorporate any external proprietary tools into binman. Thanks, Siew Chin > > Regards, > Simon
