SPL: Add HAB image authentication to FIT

Introduce two board level callback functions to FIT image loading process, and
a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.

Implement functions in imx common SPL codes to call HAB funtion
to authenticate the FIT image. Generally, we have to sign multiple regions
in FIT image:
1. Sign FIT FDT data (configuration)
2. Sign FIT external data (Sub-images)

Because the CSF supports to sign multiple memory blocks, so that we can use one
signature to cover all regions in FIT image and only authenticate once.
The authentication should be done after the entire FIT image is loaded into
memory including all sub-images.
We use "-p" option to generate FIT image to reserve a space for FIT IVT
and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
ATF, u-boot DTB).

The signed FIT image layout is as below:
--------------------------------------------------
|     |     |     |   |           |     |        |
| FIT | FIT | FIT |   | U-BOOT    | ATF | U-BOOT |
| FDT | IVT | CSF |   | nodtb.bin |     |   DTB  |
|     |     |     |   |           |     |        |
--------------------------------------------------

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>

1 files changed, 1 insertions, 0 deletions

diff --git a/include/spl.h b/include/spl.h
index ff4e6277d3..3f4b92ce86 100644
--- a/include/spl.h
+++ b/include/spl.h
@@ -118,6 +118,7 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
 			struct spl_load_info *info, ulong sector, void *fdt);
 
 #define SPL_COPY_PAYLOAD_ONLY	1
+#define SPL_FIT_FOUND		2
 
 /* SPL common functions */
 void preloader_console_init(void);