This serie adds a stage pre-load before launching an image. This stage is used to read a header before the image and this header contains the signature of the full image. So u-boot may check the full image before using any data of the image.
Changelog: v3: - move image-pre-load.c to /boot - update mkimage to add public key in u-boot device tree - add script gen_pre_load_header.sh v2: - move the code to image-pre-load - add support of stage pre-load for spl - add support of stage pre-load on spl_ram Philippe Reynes (8): lib: allow to build asn1 decoder and oid registry in SPL lib: crypto: allow to build crypyo in SPL lib: rsa: allow rsa verify with pkey in SPL boot: image: add a stage pre-load cmd: bootm: add a stage pre-load common: spl: fit_ram: allow to use image pre load mkimage: add public key for image pre-load stage tools: gen_pre_load_header.sh: initial import boot/Kconfig | 33 ++++ boot/Makefile | 1 + boot/bootm.c | 33 ++++ boot/image-pre-load.c | 291 +++++++++++++++++++++++++++++++++++ cmd/Kconfig | 10 ++ cmd/bootm.c | 2 +- common/spl/spl_ram.c | 21 ++- include/image.h | 25 +++ lib/Kconfig | 6 + lib/Makefile | 9 +- lib/crypto/Kconfig | 15 ++ lib/crypto/Makefile | 19 ++- lib/rsa/Kconfig | 8 + tools/fit_image.c | 3 + tools/gen_pre_load_header.sh | 174 +++++++++++++++++++++ tools/image-host.c | 116 ++++++++++++++ 16 files changed, 755 insertions(+), 11 deletions(-) create mode 100644 boot/image-pre-load.c create mode 100755 tools/gen_pre_load_header.sh -- 2.17.1
