#define IMAGE_ENABLE_FIT 1
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
+#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
+#define CONFIG_SHA1
+#define CONFIG_SHA256
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
# ifdef CONFIG_SPL_SHA1_SUPPORT
# define IMAGE_ENABLE_SHA1 1
# endif
-# ifdef CONFIG_SPL_SHA256_SUPPORT
-# define IMAGE_ENABLE_SHA256 1
-# endif
# else
# define CONFIG_CRC32 /* FIT images need CRC32 support */
-# define CONFIG_MD5 /* and MD5 */
-# define CONFIG_SHA1 /* and SHA1 */
-# define CONFIG_SHA256 /* and SHA256 */
# define IMAGE_ENABLE_CRC32 1
# define IMAGE_ENABLE_MD5 1
# define IMAGE_ENABLE_SHA1 1
-# define IMAGE_ENABLE_SHA256 1
# endif
-#ifdef CONFIG_FIT_DISABLE_SHA256
-#undef CONFIG_SHA256
-#undef IMAGE_ENABLE_SHA256
-#endif
-
#ifndef IMAGE_ENABLE_CRC32
#define IMAGE_ENABLE_CRC32 0
#endif
#define IMAGE_ENABLE_SHA1 0
#endif
-#ifndef IMAGE_ENABLE_SHA256
+#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
+ defined(CONFIG_SPL_SHA256_SUPPORT)
+#define IMAGE_ENABLE_SHA256 1
+#else
#define IMAGE_ENABLE_SHA256 0
#endif
#endif /* IMAGE_ENABLE_FIT */
-#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
-# define IMAGE_ENABLE_RAMDISK_HIGH 1
-#else
-# define IMAGE_ENABLE_RAMDISK_HIGH 0
-#endif
-
#ifdef CONFIG_SYS_BOOT_GET_CMDLINE
# define IMAGE_BOOT_GET_CMDLINE 1
#else
}
static inline int image_check_arch(const image_header_t *hdr, uint8_t arch)
{
- return (image_get_arch(hdr) == arch);
+ return (image_get_arch(hdr) == arch) ||
+ (image_get_arch(hdr) == IH_ARCH_ARM && arch == IH_ARCH_ARM64);
}
static inline int image_check_os(const image_header_t *hdr, uint8_t os)
{
* @fit: Pointer to the FIT format image header
* @comment: Comment to add to signature nodes
* @require_keys: Mark all keys as 'required'
+ * @engine_id: Engine to use for signing
*
* Adds hash values for all component images in the FIT blob.
* Hashes are calculated for all component images which have hash subnodes
* libfdt error code, on failure
*/
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
- const char *comment, int require_keys);
+ const char *comment, int require_keys,
+ const char *engine_id);
int fit_image_verify(const void *fit, int noffset);
int fit_config_verify(const void *fit, int conf_noffset);
const void *fdt_blob; /* FDT containing public keys */
int required_keynode; /* Node offset of key to use: -1=any */
const char *require_keys; /* Value for 'required' property */
+ const char *engine_id; /* Engine to use for signing */
};
#endif /* Allow struct image_region to always be defined for rsa.h */
*/
int board_fit_config_name_match(const char *name);
-#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS
+#if defined(CONFIG_SPL_FIT_IMAGE_POST_PROCESS) || \
+ defined(CONFIG_FIT_IMAGE_POST_PROCESS)
/**
* board_fit_image_post_process() - Do any post-process on FIT binary data
*