On 29/12/17 16:42, Breno Matheus Lima wrote:
The hab_rvt_authenticate_image() is usually executed for extending the root of trust beyond the initial boot image (zImage, u-boot-ivt.img), in my understanding the layout described on the NXP documentation " | IVT | BINARY | CSF | " just applies for the initial boot images. For additional boot images the expected layout is currently documented in "arch/arm/mach-imx/hab.c" | BINARY | IVT | CSF | Maybe this sentence can be reformulated for better understanding.
I suppose the core point to get across is that we current depend on fixed offsets and this is prohibitively difficult.
For example on the secure-boot stuff I'm working on, all of our images are IVT | BINARY | CSF - because this is the required format for the BootROM to load u-boot, it's just easier/more-logical to produce all of our binaries kernel, dtb, boot.scr, etc in that format.
But, yes, I'll re-word this to scan a bit better. Thanks for taking the time to test this out. --- bod _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
