verified-boot: Minimal support for booting U-Boot proper from SPL
authorTeddy Reed <teddy.reed@gmail.com>
Fri, 10 Jun 2016 02:18:44 +0000 (19:18 -0700)
committerTom Rini <trini@konsulko.com>
Sun, 12 Jun 2016 17:14:58 +0000 (13:14 -0400)
commit51c14cd128f4355514397dc3c8647fb14f7d8ff4
tree75a6855eebbb86d2fe86e07454e5b873c4b3fab5
parent7147a7ebd26fd0037b473343f0db2e2a98d19555
verified-boot: Minimal support for booting U-Boot proper from SPL

This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.

The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256

In this example, SHA256 is the only selected hashing algorithm.

And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Acked-by: Sumit Garg <sumit.garg@nxp.com>
Kconfig
common/Makefile
drivers/Makefile
drivers/crypto/rsa_mod_exp/mod_exp_sw.c
lib/Makefile
lib/rsa/Kconfig
lib/rsa/Makefile