From patchwork Thu Sep 1 05:54:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jit Loon Lim X-Patchwork-Id: 1672661 X-Patchwork-Delegate: marek.vasut@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=JDYozAcU; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MJ9Hh6R0Kz1ygc for ; Thu, 1 Sep 2022 15:55:12 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id BD519848FB; Thu, 1 Sep 2022 07:55:07 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=intel.com header.i=@intel.com header.b="JDYozAcU"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id D386C84895; Thu, 1 Sep 2022 07:55:05 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=0.9 required=5.0 tests=AC_FROM_MANY_DOTS,BAYES_00, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, SPF_HELO_PASS,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 8A7348482E for ; Thu, 1 Sep 2022 07:55:02 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: phobos.denx.de; spf=none smtp.mailfrom=jitloonl@ecsmtp.png.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1662011702; x=1693547702; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=P09EPn98iN/Ry8vOlrztHXGCZDMMwfIHtuJd4oy21Is=; b=JDYozAcUzTql0vJNEjVJkLMt+NQ7Q2Y/LkO4TqZ8gKosmpJOxlfDT+IM t1jh7keGJlNhJEBX6KUbVnz3v2iM/t1WhVgIZphg4xK3/p2jfo/2aC3/C YXmrWD7ZB8axK/QwaIVWHcSfYtQ9YbPahkvSGfyfCB4rkg7XhjDw5jFFQ r4kPbN4iSed9/U4jXQCbGCqVb+jWdAZuixJ1g17F9UAzJCLxQxmlMtOrO YfSNUGq1zKIx8T1SoeDB13xB4J46DPQclpdwSwU5Dd4iL0NBXTAMH2DzQ hi2qRo5q4JX2vw5T7HSnBrcbVon7O+7qJsaMp1NrSf/CtzxtN6qadH334 Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10456"; a="275372087" X-IronPort-AV: E=Sophos;i="5.93,280,1654585200"; d="scan'208";a="275372087" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Aug 2022 22:55:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,280,1654585200"; d="scan'208";a="754684103" Received: from pglmail07.png.intel.com ([10.221.193.207]) by fmsmga001.fm.intel.com with ESMTP; 31 Aug 2022 22:54:56 -0700 Received: from localhost (pgli0117.png.intel.com [10.221.240.80]) by pglmail07.png.intel.com (Postfix) with ESMTP id F09EA32E3; Thu, 1 Sep 2022 13:54:55 +0800 (+08) Received: by localhost (Postfix, from userid 12048045) id EC8EF3D21; Thu, 1 Sep 2022 13:54:55 +0800 (+08) From: Jit Loon Lim To: u-boot@lists.denx.de Cc: Jagan Teki , Vignesh R , Marek , Simon , Tien Fong , Kok Kiang , Siew Chin , Sin Hui , Raaj , Dinesh , Boon Khai , Alif , Teik Heng , Hazim , Sieu Mun Tang , Jit Loon Lim , "Ooi, Joyce" , Ooi@ecsmtp.png.intel.com Subject: [PATCH] HSD #2205749969: board: altera: Add fitImage to support S10 secure boot for both U-Boot and kernel Date: Thu, 1 Sep 2022 13:54:54 +0800 Message-Id: <20220901055454.27774-1-jit.loon.lim@intel.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean From: "Ooi, Joyce" FitImage files are added to load Linux kernel image and U-boot image for Stratix10 Secure Boot. Signed-off-by: Ooi, Joyce Signed-off-by: Jit Loon Lim --- .../stratix10-socdk/its/kernel-sign.its | 51 +++++++++++++++++++ .../altera/stratix10-socdk/its/uboot-sign.its | 41 +++++++++++++++ 2 files changed, 92 insertions(+) create mode 100644 board/altera/stratix10-socdk/its/kernel-sign.its create mode 100644 board/altera/stratix10-socdk/its/uboot-sign.its diff --git a/board/altera/stratix10-socdk/its/kernel-sign.its b/board/altera/stratix10-socdk/its/kernel-sign.its new file mode 100644 index 0000000000..5136365b99 --- /dev/null +++ b/board/altera/stratix10-socdk/its/kernel-sign.its @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2019 Intel Corporation. All rights reserved + * + * SPDX-License-Identifier: GPL-2.0 + */ + +/dts-v1/; + +/ { + description = "Linux kernel image with FDT blob"; + #address-cells = <1>; + + images { + kernel { + description = "Linux Kernel"; + data = /incbin/("Image"); + type = "kernel"; + arch = "arm64"; + os = "linux"; + compression = "none"; + load = <0x2080000>; + entry = <0x2080000>; + hash { + algo = "sha256"; + }; + }; + fdt { + description = "Linux DTB"; + data = /incbin/("socfpga_stratix10_socdk.dtb"); + type = "flat_dt"; + arch = "arm64"; + compression = "none"; + hash { + algo = "sha256"; + }; + }; + }; + configurations { + default = "conf"; + conf { + description = "Linux boot configuration"; + kernel = "kernel"; + fdt = "fdt"; + signature { + algo = "sha256,rsa4096"; + key-name-hint = "dev"; + sign-images = "fdt", "kernel"; + }; + }; + }; +}; diff --git a/board/altera/stratix10-socdk/its/uboot-sign.its b/board/altera/stratix10-socdk/its/uboot-sign.its new file mode 100644 index 0000000000..611bb980f9 --- /dev/null +++ b/board/altera/stratix10-socdk/its/uboot-sign.its @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2019 Intel Corporation. All rights reserved + * + * SPDX-License-Identifier: GPL-2.0 + */ + +/dts-v1/; + +/ { + description = "Authenticator"; + #address-cells = <1>; + + images { + standalone { + description = "Authenticator binary"; + data = /incbin/("../../../../u-boot-dtb.bin"); + type = "standalone"; + arch = "arm64"; + compression = "none"; + load = <0x1000>; + entry = <0x1000>; + os = "u-boot"; + hash { + algo = "sha256"; + }; + }; + }; + + configurations { + default = "conf"; + conf { + description = "Authenticator fitImage"; + standalone = "standalone"; + signature { + algo = "sha256,rsa4096"; + key-name-hint = "dev"; + sign-images = "standalone"; + }; + }; + }; +};