@@ -125,8 +125,7 @@ config FIT_BEST_MATCH
config FIT_IMAGE_POST_PROCESS
bool "Enable post-processing of FIT artifacts after loading by U-Boot"
depends on FIT
- depends on TI_SECURE_DEVICE || SOCFPGA_SECURE_VAB_AUTH
- default y if TI_SECURE_DEVICE && !FIT_SIGNATURE
+ depends on SOCFPGA_SECURE_VAB_AUTH
help
Allows doing any sort of manipulation to blobs after they got extracted
from FIT images like stripping off headers or modifying the size of the
@@ -41,6 +41,8 @@ CONFIG_SPL_OF_CONTROL=y
CONFIG_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
+CONFIG_FIT_SIGNATURE=y
+CONFIG_RSA=y
CONFIG_SPL_DM=y
CONFIG_SPL_DM_SEQ_ALIAS=y
CONFIG_REGMAP=y
@@ -29,6 +29,8 @@ CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_LOAD_FIT_ADDRESS=0x81000000
CONFIG_DISTRO_DEFAULTS=y
CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run get_kern_${boot}; run get_fdt_${boot}; run get_overlay_${boot}; run run_kern; setenv fdtfile ti/${name_fdt}; run distro_bootcmd"
+CONFIG_FIT_SIGNATURE=y
+CONFIG_RSA=y
CONFIG_SPL_MAX_SIZE=0x58000
CONFIG_SPL_HAS_BSS_LINKER_SECTION=y
CONFIG_SPL_BSS_START_ADDR=0x80a00000
@@ -35,6 +35,8 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x81000000
CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
CONFIG_DISTRO_DEFAULTS=y
CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run get_kern_${boot}; run get_fdt_${boot}; run run_kern"
+CONFIG_FIT_SIGNATURE=y
+CONFIG_RSA=y
CONFIG_BOARD_LATE_INIT=y
CONFIG_SPL_MAX_SIZE=0x180000
CONFIG_SPL_HAS_BSS_LINKER_SECTION=y
@@ -34,6 +34,8 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x81000000
CONFIG_OF_BOARD_SETUP=y
CONFIG_DISTRO_DEFAULTS=y
CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run boot_rprocs; if test ${boot_fit} -eq 1; then run get_fit_${boot}; run get_overlaystring; run run_fit; else; run get_kern_${boot}; run get_fdt_${boot}; run get_overlay_${boot}; run run_kern; fi; run distro_bootcmd"
+CONFIG_FIT_SIGNATURE=y
+CONFIG_RSA=y
CONFIG_LOGLEVEL=7
CONFIG_SPL_MAX_SIZE=0xc0000
CONFIG_SPL_HAS_BSS_LINKER_SECTION=y
@@ -32,6 +32,8 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x81000000
CONFIG_OF_BOARD_SETUP=y
CONFIG_DISTRO_DEFAULTS=y
CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run main_cpsw0_qsgmii_phyinit; run boot_rprocs; if test ${boot_fit} -eq 1; then run get_fit_${boot}; run get_overlaystring; run run_fit; else; run get_kern_${boot}; run get_fdt_${boot}; run get_overlay_${boot}; run run_kern; fi; run distro_bootcmd"
+CONFIG_FIT_SIGNATURE=y
+CONFIG_RSA=y
CONFIG_LOGLEVEL=7
CONFIG_SPL_MAX_SIZE=0xc0000
CONFIG_SPL_HAS_BSS_LINKER_SECTION=y
@@ -32,6 +32,8 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x81000000
CONFIG_OF_BOARD_SETUP=y
CONFIG_DISTRO_DEFAULTS=y
CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run boot_rprocs; if test ${boot_fit} -eq 1; then run get_fit_${boot}; run get_overlaystring; run run_fit; else; run get_kern_${boot}; run get_fdt_${boot}; run get_overlay_${boot}; run run_kern; fi; run distro_bootcmd"
+CONFIG_FIT_SIGNATURE=y
+CONFIG_RSA=y
CONFIG_LOGLEVEL=7
CONFIG_SPL_MAX_SIZE=0xc0000
CONFIG_SPL_HAS_BSS_LINKER_SECTION=y
We are moving towards the standard fit signature booting that requires the following configs to be enabled, enable them in all k3 socs to allow signed fit booting. Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> --- boot/Kconfig | 3 +-- configs/am62ax_evm_a53_defconfig | 2 ++ configs/am62x_evm_a53_defconfig | 2 ++ configs/am64x_evm_a53_defconfig | 2 ++ configs/j7200_evm_a72_defconfig | 2 ++ configs/j721e_evm_a72_defconfig | 2 ++ configs/j721s2_evm_a72_defconfig | 2 ++ 7 files changed, 13 insertions(+), 2 deletions(-)