]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
configs: am62a: use kernel fitImage when using secure bootflow
authorBryan Brattlof <bb@ti.com>
Sat, 24 Dec 2022 01:15:25 +0000 (19:15 -0600)
committerTom Rini <trini@konsulko.com>
Tue, 10 Jan 2023 20:39:07 +0000 (15:39 -0500)
In order to maintain the chain of trust, each stage of the boot process
will first authenticate each binary it loads before continuing. To
extend this to the kernal and its dtbs we can package the kernal and
its dtbs into another fitImage for Uboot to authenticate and extend the
chain of trust all the way to the kernel.

When 'boot_fit' is set, indicating we're using the secure bootflow, look
for and authenticate the kernel's fitImage.

Signed-off-by: Judith Mendez <jm@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
include/configs/am62ax_evm.h

index ba67c98693b0ad988853170dd6187568ee5b4480..cdd639b930967bee5bd4665b113b60cdb9109c6e 100644 (file)
        EXTRA_ENV_AM62A7_BOARD_SETTINGS_MMC                             \
        "bootcmd_ti_mmc="                                               \
                "run findfdt; run envboot; run init_mmc;"               \
-               "run get_kern_mmc; run get_fdt_mmc;"                    \
-               "run get_overlay_mmc;"                                  \
-               "run run_kern;\0"
+               "if test ${boot_fit} -eq 1; then;"                      \
+                       "run get_fit_mmc; run get_overlaystring;"       \
+                       "run run_fit;"                                  \
+               "else;"                                                 \
+                       "run get_kern_mmc; run get_fdt_mmc;"            \
+                       "run get_overlay_mmc;"                          \
+                       "run run_kern;"                                 \
+               "fi;\0"
 
 #define BOOTENV_DEV_NAME_TI_MMC(devtyeu, devtypel, instance)           \
        "ti_mmc "