Hi Simon, > -----Original Message----- > From: Simon Glass <[email protected]> > Sent: Friday, January 8, 2021 12:22 AM > To: Lim, Elly Siew Chin <[email protected]> > Cc: U-Boot Mailing List <[email protected]>; Marek Vasut > <[email protected]>; Tan, Ley Foon <[email protected]>; See, Chin Liang > <[email protected]>; Simon Goldschmidt > <[email protected]>; Chee, Tien Fong > <[email protected]>; Westergreen, Dalon > <[email protected]>; Gan, Yau Wai <[email protected]> > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in binman node > of FIT image with VAB support > > Hi Siew Chin, > > On Thu, 7 Jan 2021 at 07:13, Lim, Elly Siew Chin > <[email protected]> > wrote: > > > > Hi Simon, > > > > > -----Original Message----- > > > From: Simon Glass <[email protected]> > > > Sent: Thursday, January 7, 2021 8:37 PM > > > To: Lim, Elly Siew Chin <[email protected]> > > > Cc: U-Boot Mailing List <[email protected]>; Marek Vasut > > > <[email protected]>; Tan, Ley Foon <[email protected]>; See, Chin > > > Liang <[email protected]>; Simon Goldschmidt > > > <[email protected]>; Chee, Tien Fong > > > <[email protected]>; Westergreen, Dalon > > > <[email protected]>; Gan, Yau Wai <[email protected]> > > > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in > > > binman node of FIT image with VAB support > > > > > > On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim > > > <[email protected]> > > > wrote: > > > > > > > > FIT image of Vendor Authentication Coot (VAB) contains signed images. > > > > > > > > Signed-off-by: Siew Chin Lim <[email protected]> > > > > --- > > > > arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22 > > > > ++++++++++++++++++++++ > > > > 1 file changed, 22 insertions(+) > > > > > > > > > > I'm not quite sure what is happening here, but consider using two > > > separate files rather than what looks like a patch over an existing one. > > > > > > > There are two boot flow will use binman (socfpga_soc64_fit-u-boot.dtsi) to > generate u-boot.fit and kernel.fit: > > 1. socfpga_agilex_atf_defconfig (boot via ATF) > > 2. socfpga_agilex_vab_defconfig (boot via ATF with VAB enabled, > > support authentication on bl31, u-boot, Linux images) > > > > The binman node settings are the same for both flows. With VAB enabled, all > inputs file need to be signed before generate FIT image. We would like to use > different input file name to remind user that they need to sign all bl31, > u-boot, > Linux images when using binman to generate FIT image. > > > > Due to the binman node settings are identical and only the file name need to > be different, so we prefer to share the same socfpga_soc64_fit-u-boot.dtsi for > both flows. > > Reviewed-by: Simon Glass <[email protected]> > > OK I see. > > Who does the signing of the inputs? Is that something binman could/should do?
In our case, we will provide user Intel proprietary tools to sign the image, and we have our signature format. User need to follow the steps and sign the Images, and call binman to convert into FIT image. I think maybe it is not suitable to incorporate any external proprietary tools into binman. Thanks, Siew Chin > > Regards, > Simon
