Hi Simon, > -----Original Message----- > From: Simon Glass <s...@chromium.org> > Sent: Friday, January 8, 2021 11:24 AM > To: Lim, Elly Siew Chin <elly.siew.chin....@intel.com> > Cc: U-Boot Mailing List <u-boot@lists.denx.de>; Marek Vasut > <ma...@denx.de>; Tan, Ley Foon <ley.foon....@intel.com>; See, Chin Liang > <chin.liang....@intel.com>; Simon Goldschmidt > <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong > <tien.fong.c...@intel.com>; Westergreen, Dalon > <dalon.westergr...@intel.com>; Gan, Yau Wai <yau.wai....@intel.com> > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in binman node > of FIT image with VAB support > > Hi Slew Elly, > > On Thu, 7 Jan 2021 at 17:57, Lim, Elly Siew Chin > <elly.siew.chin....@intel.com> > wrote: > > > > Hi Simon, > > > > > -----Original Message----- > > > From: Simon Glass <s...@chromium.org> > > > Sent: Friday, January 8, 2021 12:22 AM > > > To: Lim, Elly Siew Chin <elly.siew.chin....@intel.com> > > > Cc: U-Boot Mailing List <u-boot@lists.denx.de>; Marek Vasut > > > <ma...@denx.de>; Tan, Ley Foon <ley.foon....@intel.com>; See, Chin > > > Liang <chin.liang....@intel.com>; Simon Goldschmidt > > > <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong > > > <tien.fong.c...@intel.com>; Westergreen, Dalon > > > <dalon.westergr...@intel.com>; Gan, Yau Wai <yau.wai....@intel.com> > > > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename in > > > binman node of FIT image with VAB support > > > > > > Hi Siew Chin, > > > > > > On Thu, 7 Jan 2021 at 07:13, Lim, Elly Siew Chin > > > <elly.siew.chin....@intel.com> > > > wrote: > > > > > > > > Hi Simon, > > > > > > > > > -----Original Message----- > > > > > From: Simon Glass <s...@chromium.org> > > > > > Sent: Thursday, January 7, 2021 8:37 PM > > > > > To: Lim, Elly Siew Chin <elly.siew.chin....@intel.com> > > > > > Cc: U-Boot Mailing List <u-boot@lists.denx.de>; Marek Vasut > > > > > <ma...@denx.de>; Tan, Ley Foon <ley.foon....@intel.com>; See, > > > > > Chin Liang <chin.liang....@intel.com>; Simon Goldschmidt > > > > > <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong > > > > > <tien.fong.c...@intel.com>; Westergreen, Dalon > > > > > <dalon.westergr...@intel.com>; Gan, Yau Wai > > > > > <yau.wai....@intel.com> > > > > > Subject: Re: [v2 4/6] arm: socfpga: dts: soc64: Update filename > > > > > in binman node of FIT image with VAB support > > > > > > > > > > On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim > > > > > <elly.siew.chin....@intel.com> > > > > > wrote: > > > > > > > > > > > > FIT image of Vendor Authentication Coot (VAB) contains signed > > > > > > images. > > > > > > > > > > > > Signed-off-by: Siew Chin Lim <elly.siew.chin....@intel.com> > > > > > > --- > > > > > > arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22 > > > > > > ++++++++++++++++++++++ > > > > > > 1 file changed, 22 insertions(+) > > > > > > > > > > > > > > > > I'm not quite sure what is happening here, but consider using > > > > > two separate files rather than what looks like a patch over an > > > > > existing > one. > > > > > > > > > > > > > There are two boot flow will use binman > > > > (socfpga_soc64_fit-u-boot.dtsi) to > > > generate u-boot.fit and kernel.fit: > > > > 1. socfpga_agilex_atf_defconfig (boot via ATF) > > > > 2. socfpga_agilex_vab_defconfig (boot via ATF with VAB > > > > enabled, support authentication on bl31, u-boot, Linux images) > > > > > > > > The binman node settings are the same for both flows. With VAB > > > > enabled, all > > > inputs file need to be signed before generate FIT image. We would > > > like to use different input file name to remind user that they need > > > to sign all bl31, u-boot, Linux images when using binman to generate FIT > image. > > > > > > > > Due to the binman node settings are identical and only the file > > > > name need to > > > be different, so we prefer to share the same > > > socfpga_soc64_fit-u-boot.dtsi for both flows. > > > > > > Reviewed-by: Simon Glass <s...@chromium.org> > > > > > > OK I see. > > > > > > Who does the signing of the inputs? Is that something binman could/should > do? > > > > In our case, we will provide user Intel proprietary tools to sign the > > image, and > we have our signature format. > > User need to follow the steps and sign the Images, and call binman to > > convert > into FIT image. > > I think maybe it is not suitable to incorporate any external proprietary > > tools > into binman. > > Possibly, although we already have quite a few. Is the tool secret or can it > be > downloaded from somewhere? If the latter, see how cbfstool is handled.
It is licensed software. > > Regards, > Simon