Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / u-boot / 51c14cd128f4355514397dc3c8647fb14f7d8ff4^! / . / Kconfig
commit51c14cd128f4355514397dc3c8647fb14f7d8ff4[log] [tgz]
authorTeddy Reed <teddy.reed@gmail.com>Thu Jun 09 19:18:44 2016 -0700
committerTom Rini <trini@konsulko.com>Sun Jun 12 13:14:58 2016 -0400
tree75a6855eebbb86d2fe86e07454e5b873c4b3fab5
parent7147a7ebd26fd0037b473343f0db2e2a98d19555 [diff] [blame]
verified-boot: Minimal support for booting U-Boot proper from SPL

This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.

The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256

In this example, SHA256 is the only selected hashing algorithm.

And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Acked-by: Sumit Garg <sumit.garg@nxp.com>

diff --git a/Kconfig b/Kconfig
index 4b46216..817f4f0 100644
--- a/Kconfig
+++ b/Kconfig

@@ -183,6 +183,11 @@
 	  verified boot (secure boot using RSA). This option enables that
 	  feature.
 
+config SPL_FIT
+	bool "Support Flattened Image Tree within SPL"
+	depends on FIT
+	depends on SPL
+
 config FIT_VERBOSE
 	bool "Display verbose messages on FIT boot"
 	depends on FIT
@@ -205,6 +210,12 @@
 	  format support in this case, enable it using
 	  CONFIG_IMAGE_FORMAT_LEGACY.
 
+config SPL_FIT_SIGNATURE
+	bool "Enable signature verification of FIT firmware within SPL"
+	depends on SPL_FIT
+	depends on SPL_DM
+	select SPL_RSA
+
 config FIT_BEST_MATCH
 	bool "Select the best match for the kernel device tree"
 	depends on FIT