On Tue, 16 Aug 2022 at 09:16, Sean Anderson <sean.ander...@seco.com> wrote:
>
> Fman microcode is executable code (AFAICT) loaded into a
> coprocessor. As such, if verified boot is enabled, it must be verified
> like other executable code. However, this is not currently done.
>
> This commit adds verified boot functionality by encapsulating the
> microcode in a FIT, which can then be signed/verified as normal. By
> default we allow fallback to unencapsulated firmware, but if
> CONFIG_FIT_SIGNATURE is enabled, then we make it mandatory. Because
> existing Layerscape do not use this config (instead enabling
> CONFIG_CHAIN_OF_TRUST), this should not break any existing boards.
>
> An example (mildly-abbreviated) its is provided below:
>
> / {
> #address-cells = <1>;
>
> images {
> firmware {
> data = /incbin/(/path/to/firmware);
> type = "firmware";
> arch = "arm64";
> compression = "none";
> signature {
> algo = "sha256,rsa2048";
> key-name-hint = "your key name";
> };
> };
> };
>
> configurations {
> default = "conf";
> conf {
> description = "Load FMAN microcode";
> fman = "firmware";
> };
> };
> };
>
> Signed-off-by: Sean Anderson <sean.ander...@seco.com>
> ---
>
> (no changes since v1)
>
> drivers/net/fm/fm.c | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
Reviewed-by: Simon Glass <s...@chromium.org>
