diff options
| author | Sean Anderson <sean.anderson@seco.com> | 2022-12-12 14:12:11 -0500 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2022-12-31 13:35:19 -0500 |
| commit | bcc85b96b5ffbbce19a89747138feb873d918915 (patch) | |
| tree | 9a4c733db8ec3b99444a5ff9177aeb709459ad07 /doc/uImage.FIT/source_file_format.txt | |
| parent | c4f5738e690487dc59c8234782e792e57dac9a22 (diff) | |
| download | u-boot-bcc85b96b5ffbbce19a89747138feb873d918915.tar.gz | |
cmd: source: Support specifying config name
As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'doc/uImage.FIT/source_file_format.txt')
| -rw-r--r-- | doc/uImage.FIT/source_file_format.txt | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt index 4640e38e3c..269e1fa0b5 100644 --- a/doc/uImage.FIT/source_file_format.txt +++ b/doc/uImage.FIT/source_file_format.txt @@ -247,6 +247,7 @@ o config-1 |- kernel = "kernel sub-node unit name" |- fdt = "fdt sub-node unit-name" [, "fdt overlay sub-node unit-name", ...] |- loadables = "loadables sub-node unit-name" + |- script = " |- compatible = "vendor,board-style device tree compatible string" @@ -268,6 +269,8 @@ o config-1 of strings. U-Boot will load each binary at its given start-address and may optionally invoke additional post-processing steps on this binary based on its component image node type. + - script : The image to use when loading a U-Boot script (for use with the + source command). - compatible : The root compatible string of the U-Boot device tree that this configuration shall automatically match when CONFIG_FIT_BEST_MATCH is enabled. If this property is not provided, the compatible string will be |