Hi Marek, Lukasz, > Subject: Re: [EXT] Re: [U-Boot] [PATCH 4/6] spl: mmc: support loading i.MX > container format file > > Hi Marek, > > On 2019/5/22 19:41, Marek Vasut wrote: > > Caution: EXT Email > > > > On 5/22/19 9:34 AM, Lukasz Majewski wrote: > > [...] > >>>>>>>> By using above approach we do have the NXP's "container" > >>>>>>>> format only seen in the SPL (which is OK, as for example > >>>>>>>> Samsung does similar thing with FBL/BL1). When SPL is "trused" > >>>>>>>> we may use available facilities. > >>>>>>> > >>>>>>> The issue to me is that sc_seco_authenticate could not take a > >>>>>>> FIT image as input. > >>>>>> > >>>>>> Is the sc_seco_authenticate an API accessible from SPL, U-Boot > >>>>>> proper or Linux crypro engine driver? > >>>>> > >>>>> Yes, it is an API accessible in SPL/U-Boot stage. I do not know > >>>>> about Linux crypto driver. > >>>> > >>>> Maybe it would be worth to check how Linux handle this? Maybe it > >>>> would shed some more light on it? > >>> > >>> I am not familiar with that, so might be stupid question below. > >>> Does it really matter? > >> > >> I would check it just out of curiosity. > > > > Yes, it matters, because there should be such API. How would Linux > > authenticate e.g. userspace binaries if there wasn't one, surely not > > by wrapping every single object into the custom vendor-specific container ? > > And if there is one, you can use it to authenticate raw binaries from > > U-Boot SPL too, e.g. fitImage blobs with an associated signature. > > > > iMX8 AHAB uses RSA key pair for authentication, the on-chip thing we called > SRK is a array of public key hash which is dedicated for AHAB. It is not a > real > key. The real public key is in container. > AHAB will check the public key with the on-chip SRK before using it to > authenticate the image. > Seco which contains the crypto engine on imx8 does not allow to use the SRK > by user. No such API exported. > And the fuse of SRK is locked, can't be read directly. > > Actually on imx6/imx7/imx8m, the SPL and u-boot are already using ROM > HAB to implement the trust chain, like SPL authenticates u-boot, u-boot > authenticatse kernel. We just follow this same way on imx8, the difference is > imx8 needs container format for signed image. We prefer directly loading > container image than fit image. > If we pack fit image into container, obviously this will cause one more copy. > As a boot loader, isn't it better to have more image format supported? We > don't force to use container, just set it as default. Users still can choose > fit or > raw image.
Do you have more comment? Thanks, Peng. > > > > [...] > > > > -- > > Best regards, > > Marek Vasut > > > > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
