Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") and delegated FPGA images to be added via the list of
"loadables" in lieu of the "fpga" property. Now actually implement
this in code.
Note that the "compatible" property is ignored for the time being, as
implementing "compatible" loading is beyond the scope of this change.
However, "u-boot,fpga-legacy" is accepted without warning.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") requires that FPGA images be referenced through the
"loadables" in the config node. This means that "fpga" properties in
config nodes are deprecated.
Given that there are likely FIT images which use "fpga", let's not
break those right away. Print a warning message that such use is
deprecated, and give users a couple of releases to update their
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
The FPGA loading code in spl_simple_fit_read() can easily be separated
from the rest of the logic. It is split into two functions instead of
one because spl_fit_upload_fpga() is used in a subsequent patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
spl_load_fit_image() will try to load an image at the address given
in the "load" property. Absent such property, it uses
image_info->load_addr
Correct use of this is demonstrated in spl_fit_append_fdt(), which
resets the 'load_addr' before each spl_load_fit_image() call.
On the other hand loading "loadables" loop in spl_load_simple_fit()
completely ignores this. It re-uses the same structure, but doesn't
reset load_addr. If loadable [i] does not have a "load" property, its
load address defaults to load_addr, which still contains the address
of loadable [i - 1].
A simple solution is to treat NULL as an invalid load address. The
caller can set load_addr = 0 to request an abort if the "load"
property is absent.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present this casts addresses to pointers so cannot work with sandbox.
Update the code to use map_sysmem() instead.
As part of this change, the existing load_ptr is renamed to src_ptr since
it is not a pointer to load_addr. It is confusing to use a similar name
for something that is not actually related. For the alignment code,
ALIGN() is used instead of open-coded alignment. Add a comment to the line
that casts away a const.
Use a (new) load_ptr variable to access memory at address load_addr.
Signed-off-by: Simon Glass <sjg@chromium.org>
When a FIT config specifies a devicetree, we should load it, no
questions asked. In the case of the "simple" FIT loading path, a
difficulty arises in selecting the load address of the FDT.
The default FDT location is right after the "kernel" or "firmware"
image. However, if that is an OP-TEE image, then the FDT may end up in
secure DRAM, and not be accessible to normal world kernels.
Although the best solution is to be more careful about the FDT
address, a viable workaround is to only append the FDT after a u-boot
or Linux image. This is identical to the previous logic, except that
FDT loading is extended to IH_OS_LINUX images.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Use the IS_ENABLED() macro to control code flow, instead of the
caveman approach of sprinkling #ifdefs. Code size is not affected, as
the linker garbage-collects unused functions. However, readability is
improved significantly.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The configuration node a sub node under "/configurations", which
describes the components to load from "/images". We only need to
locate this node once.
However, for each component, spl_fit_get_image_name() would parse the
FIT image, looking for the correct node. Such work duplication is not
necessary. Instead, once the node is found, cache it, and re-use it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When a desired configuration is not found, conf_node will have a
negative value. Thus the for loop will start at the root "/" node of
the image, print the "/description" property, and stop.
It appears the intent of the loop was to print the names of the
subnodes under "/configurations". We would need the offset to the
"/configurations" node, which is abstracted by fit_find_config_node().
This change agrees that abstracting the node offset is the correct
design, and we shouldn't be parsing the configurations manually. Thus
the loop in spl_fit_get_image_name() is useless. Remove it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Several loose arguments describe the FIT image. They are thus related,
and it makes sense to pass them together, in a structure. Examples
include the FIT blob pointer, offset to FDT nodes, and the offset to
external data.
Use a spl_fit_info structure to group these parameters.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The logical steps in spl_load_simple_fit() are difficult to follow.
I think the long comments, ifdefs, and ungodly number of variables
seriously affect the readability. In particular, it violates section 6
of the coding style, paragraphs (3), and (4).
The purpose of this patch is to improve the situation by
- Factoring out initialization and parsing to separate functions
- Reduce the number of variables by using a context structure
This change introduces no functional changes.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The size is derived from the FIT image itself. Any alignment
requirements are machine-specific and known by the board code. Thus
the total length can be derived from the FIT image and knowledge of
the platform. The 'length' argument is redundant. Remove it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CC: Matt Porter <mporter@konsulko.com>
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
When the hash check fails on a loadable image, the SPL/TPL simply
jump to the next one. This commit changes this behaviour, when the
hash check fails on a loadable image, the function spl_load_simple_fit
stops and report an error.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fit images were loaded to a buffer provided by spl_get_load_buffer().
This may work when the FIT image is small and fits between the start
of DRAM and SYS_TEXT_BASE.
One problem with this approach is that the location of the buffer may
be manipulated by changing the 'size' field of the FIT. A maliciously
crafted FIT image could place the buffer over executable code and be
able to take control of SPL. This is unacceptable for secure boot of
signed FIT images.
Another problem is with larger FIT images, usually containing one or
more linux kernels. In such cases the buffer be be large enough so as
to start before DRAM (Figure I). Trying to load an image in this case
has undefined behavior.
For example, on stm32mp1, the MMC controller hits a RX overrun error,
and aborts loading.
_________________
| FIT Image |
| |
/===================\ /=====================\
|| DRAM || | DRAM |
|| || | |
||_________________|| SYS_TEXT_BASE | ___________________ |
| | || FIT Image ||
| | || ||
| _________________ | SYS_SPL_MALLOC_START || _________________ ||
|| malloc() data || ||| malloc() data |||
||_________________|| |||_________________|||
| | ||___________________||
| | | |
Figure I Figure II
One possibility that was analyzed was to remove the negative offset,
such that the buffer starts at SYS_TEXT_BASE. This is not a proper
solution because on a number of platforms, the malloc buffer() is
placed at a fixed address, usually after SYS_TEXT_BASE. A large
enough FIT image could cause the malloc()'d data to be overwritten
(Figure II) when loading.
/======================\
| DRAM |
| |
| | CONFIG_SYS_TEXT_BASE
| |
| |
| ____________________ | CONFIG_SYS_SPL_MALLOC_START
|| malloc() data ||
|| ||
|| __________________ ||
||| FIT Image |||
||| |||
||| |||
Figure III
The solution proposed here is to replace the ad-hoc heuristics of
spl_get_load_buffer() with malloc(). This provides two advantages:
* Bounds checking of the buffer region
* Guarantees the buffer does not conflict with other memory
The first problem is solved by constraining the buffer such that it
will not overlap currently executing code. This eliminates the chance
of a malicious FIT being able to replace the executing SPL code prior
to signature checking.
The second problem is solved in conjunction with increasing
CONFIG_SYS_SPL_MALLOC_SIZE. Since the SPL malloc() region is
carefully crafted on a per-platform basis, the chances of memory
conflicts are virtually eliminated.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
This commit add the support of signature check for config node
in spl/tpl when the function spl_load_simple_fit is used.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This uclass is intended to provide a way to obtain information about a
U-Boot board. But the concept of a U-Boot 'board' is the whole system,
not just one circuit board, meaning that 'board' is something of a
misnomer for this uclass.
In addition, the name 'board' is a bit overused in U-Boot and we want to
use the same uclass to provide SMBIOS information.
The obvious name is 'system' but that is so vague as to be meaningless.
Use 'sysinfo' instead, since this uclass is aimed at providing information
on the system.
Rename everything accordingly.
Note: Due to the patch delta caused by the symbol renames, this patch
shows some renamed files as being deleted in one place and created in
another.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
SPL is creating fit-images DT node when loadables are recorded in selected
configuration. Entries which are created are using entry-point and
load-addr property names. But there shouldn't be a need to use non standard
properties because entry/load are standard FIT properties. But using
standard FIT properties enables option to use generic FIT functions to
descrease SPL size. Here is result for ZynqMP virt configuration:
xilinx_zynqmp_virt: spl/u-boot-spl:all -82 spl/u-boot-spl:rodata -22 spl/u-boot-spl:text -60
The patch causes change in run time fit image record.
Before:
fit-images {
uboot {
os = "u-boot";
type = "firmware";
size = <0xfd520>;
entry-point = <0x8000000>;
load-addr = <0x8000000>;
};
};
After:
fit-images {
uboot {
os = "u-boot";
type = "firmware";
size = <0xfd520>;
entry = <0x8000000>;
load = <0x8000000>;
};
};
Replacing calling fdt_getprop_u32() by fit_image_get_entry/load() also
enables support for reading entry/load properties recorded in 64bit format.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some boards, specifically 64-bit Allwinner boards (sun50i), are
extremely limited on SPL size. One strategy that was used to make space
was to remove the FIT "os" property parsing code, because it uses a
rather large lookup table.
However, this forces the legacy FIT parsing code path, which requires
the "firmware" entry in the FIT to reference the U-Boot binary, even if
U-Boot is not the next binary in the boot sequence (for example, on
sun50i boards, ATF is run first).
This prevents the same FIT image from being used with a SPL with
CONFIG_SPL_FIT_IMAGE_TINY=n and CONFIG_SPL_ATF=y, because the boot
method selection code looks at `spl_image.os`, which is only set from
the "firmware" entry's "os" property.
To be able to use CONFIG_SPL_ATF=y, the "firmware" entry in the FIT
must be ATF, and U-Boot must be a loadable. For this to work, we need to
parse the "os" property just enough to tell U-Boot from other images, so
we can find it in the loadables list to append the FDT, and so we don't
try to append the FDT to ATF (which could clobber adjacent firmware).
So add the minimal code necessary to distinguish U-Boot/non-U-Boot
loadables with CONFIG_SPL_FIT_IMAGE_TINY=y. This adds about 300 bytes,
much less than the 7400 bytes added by CONFIG_SPL_FIT_IMAGE_TINY=n.
Acked-by: Patrick Wildt <patrick@blueri.se>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
This reverts commit eb39d8ba5f.
The commit breaks booting of fitImage by SPL, the system simply hangs.
This is because on arm32, the fitImage and all of its content can be
aligned to 4 bytes and U-Boot expects just that.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Reuben Dowle <reuben.dowle@4rf.com>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Marek Vasut <marex@denx.de>
The patch does sed 's/SPL_FPGA_SUPPORT/SPL_FPGA/g' but also fixing Makefile
and zynqmp.c to simplify if/endif logic in zynqmp.c.
This change is mostly done to be able to use CONFIG_IS_ENABLED macro and
obj-$(CONFIG_$(SPL_)FPGA) in Makefile. For them symbols need to be in sync.
And removing one line from Topic Miami boards which is not needed because
symbol is not enabled via Kconfig.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If uboot does not embed its device tree and the FIT loading function
returns error in case of failure in the FDT append, the redundant itb
image could be loaded.
cc: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Reviewed-by: Michael Trimarchi <michael@amarulasolutions.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
The free() function checks if its argument is NULL. It is superfluous to do
the same check on the calling side.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Commit cf8dcc5d02 ("common: spl_fit: Default to IH_OS_U_BOOT if
FIT_IMAGE_TINY enabled") is not correct, it will append fdt to each loadable
image. Actually when using TINY FIT, the first loadable image is thought as
u-boot and already have fdt appended.
Signed-off-by: Ye Li <ye.li@nxp.com>
Tested-by: Fabio Estevam <festevam@gmail.com>
Allow reading compressed content from fit image, even if
CONFIG_SPL_OS_BOOT is not set.
This allow booting compressed 2nd stage u-boot from fit image.
Additionally, do not print warning message if compression node is not
found, since it simply implies the content is uncompressed.
Signed-off-by: Klaus H. Sorensen <khso@prevas.dk>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
spl_fit_get_image_name() is used to get the names of the images that the
SPL must load from the FIT. It relies on the content of a property present
in the FIT. The list of images is thus statically defined in the FIT.
With this scheme, it quickly becomes hard to manage combinations of more
than a handful of images.
To address this problem, give the board driver code the opportunity to
add to the list of images. The images from the FIT property are loaded
first, and then the board_get_fit_loadable() is called to get more image
names.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There is no need for it to be non-constant. Making it constant, allows to
return constant string without warning.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There are many ways the overlay application can fail.
2 of them are probably the most common:
- the application itself failed. Usually this is comes from an unresolved
reference
- DTBO not available in FIT (could be because of a typo)
In both case it is good to be more explicit about the error and at least
show which overlay is failing.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If one overlay that must be applied cannot be found in the FIT, the current
implementation stops applying the overlays. Let's make it skip only the
failing overlay instead.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If the node describing an overlay does not specify a load address, it will
be loaded at the address previously used.
Fixing it by allocating a temporary buffer that will be used as a
default load address. By default, the size of the buffer is 64kB which
should be plenty for most use cases.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Make room in the FDT before applying the overlay, otherwise it may fail if
the overlay is big. As the exact added size is not known in advance, just
add the size of the overlay.
Move after the end of the application of the overlays, the resize of the
FDT for the injection of the details on the loadables.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
doc/uImage.FIT/overlay-fdt-boot.txt is describing how to create FIT
image with DT overlays in it.
Add support for this feature to SPL.
Here is the ZynqMP fragment where dtb points to full DT and dtbo is
overlay which should be applied on the top of dtb.
config {
description = "ATF with full u-boot overlay";
firmware = "atf";
loadables = "uboot";
fdt = "dtb", "dtbo";
};
The whole feature depends on OF_LIBFDT_OVERLAY which is adding +4kB code
and 0 for platforms which are not enabling this feature.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When u-boot.img is a FIT image generated automatically by mkimage, the
configuration node has the following structure:
conf-1 {
description = "k3-am654-base-board";
firmware = "firmware-1";
loadables = "firmware-1";
fdt = "fdt-1";
};
The firmware is referenced twice. Once by the 'firmware' property and
once by the 'loadables' property. Currently this result in the firmware
being loaded twice. This is not a big problem but has an impact on the
boot time.
Fixing it by not loading a loadable image if it is also the firmware image.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Andreas Dannenberg <dannenberg@ti.com>
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross
architecture purposes. If Secure Boot is required for imx, this means to
enable and use the HAB processor in the soc.
Signed-off-by: Stefano Babic <sbabic@denx.de>
As part of the SPL FIT boot flow, the device tree is appended to U-Boot
proper. The device tree is used to record information on the loadables
to make them available to the SPL framework and U-Boot proper. Depending
on the U-Boot device tree provider, the FIT image might not include a
device tree. Information on the loadables is missing in this case.
When booting via firmware bundled with the FIT image, U-Boot SPL loads
the firmware binary and U-Boot proper before starting the firmware. The
firmware, in turn, is responsible for starting U-Boot proper.
Information on the memory location of the U-Boot proper loadable must be
available to the SPL framework so that it can be passed to the firmware
binary. To support this use case when no device tree is found in the FIT
image, fall back to the U-Boot device tree in this situation.
At the same time, update the comment to remove the note that the
destination address must be aligned to ARCH_DMA_MINALIGN. Alignment is
only required as an intermediate step when reading external data. This
is automatically handled by spl_fit_append_fdt(). After reading the
external data, it is copied to the specified address, which does not
have to be aligned to ARCH_DMA_MINALIGN.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
As part of the effort to remove things from common.h, create a new header
for the gzip functions. Move the function declarations to it and add
missing documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
The current U-Boot SPL image loader infrastructure is very powerful,
able to initialize and load from a variety of boot media however it
is strongly geared towards loading specific types of images in a very
specific way. To address the need being able to use this infrastructure
to load arbitrary image files go ahead and refactor it as follows:
- Refactor existing spl_mmc_load_image function into superset function,
accepting additional arguments such as filenames and media load offset
(same concept can also be applied toother spl_XXX_load_image functions)
- Extend the loader function to "remember" their peripheral initialization
status so that the init is only done once during the boot process,
- Extend the FIT image loading function to allow skipping the parsing/
processing of the FIT contents (so that this can be done separately
in a more customized fashion)
- Populate the SPL_LOAD_IMAGE_METHOD() list with a trampoline function,
invoking the newly refactored superset functions in a way to maintain
compatibility with the existing behavior
This refactoring initially covers MMC/SD card loading (RAW and FS-based).
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
FIT_IMAGE_TINY is used to reduce the size of the SPL by removing os-type
tracking and recording the loadables into the loaded FDT. When this option
is enabled, it is assumed that the next stage firmware is u-boot.
However this does not play well with the SPL_OS_BOOT option that enables
loading different type of next stage firmware, like the OS itself.
When SPL_OS_BOOT is used, do not disable os-tracking. The added footprint
is about 300 Bytes.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
If FIT_IMAGE_TINY is enabled, spl_fit_image_get_os returns -ENOTSUPP.
In this case, we should default to IH_OS_U_BOOT not to IH_OS_INVALID.
Signed-off-by: Abel Vesa <abel.vesa@nxp.com>
Tested-by: Fabio Estevam <festevam@gmail.com>
Introduce two board level callback functions to FIT image loading process, and
a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
Implement functions in imx common SPL codes to call HAB funtion
to authenticate the FIT image. Generally, we have to sign multiple regions
in FIT image:
1. Sign FIT FDT data (configuration)
2. Sign FIT external data (Sub-images)
Because the CSF supports to sign multiple memory blocks, so that we can use one
signature to cover all regions in FIT image and only authenticate once.
The authentication should be done after the entire FIT image is loaded into
memory including all sub-images.
We use "-p" option to generate FIT image to reserve a space for FIT IVT
and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
ATF, u-boot DTB).
The signed FIT image layout is as below:
--------------------------------------------------
| | | | | | | |
| FIT | FIT | FIT | | U-BOOT | ATF | U-BOOT |
| FDT | IVT | CSF | | nodtb.bin | | DTB |
| | | | | | | |
--------------------------------------------------
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
This patch partially reverts:
"spl: fit: Add support for loading FPGA bitstream"
(sha1: 26a642238b)
There shouldn't be a need to call private spl_load_fpga_image function
because the whole sequence should be already handled by fpga framework.
If there is missing loading bistream by chunks it should be done via
fpga framework instead of having private hooks.
Also spl_load_fpga_image() weak function is not used anywhere and
opening a way for not reviewed hacks out of mainline U-Boot is not the
right way to go.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
There is no reason to limit gzip usage only for OS_BOOT and kernel image
type.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Tested-by: York Sun <york.sun@nxp.com>
The SPL loaders assume that the CONFIG_SYS_TEXT_BASE memory location
is available and can be corrupted by loading ie. uImage or fitImage
headers there. Sometimes it could be beneficial to load the headers
elsewhere, ie. if CONFIG_SYS_TEXT_BASE is not yet writable while we
still want to parse the image headers in some local onchip memory to
ie. extract firmware from that image.
Add the possibility to override the location where the headers get
loaded by introducing new function, spl_get_load_buffer() which takes
two arguments -- offset from the CONFIG_SYS_TEXT_BASE and size of the
data that are to be loaded there -- and returns a valid buffer address
or hangs the system. The default behavior is the same as before, add
the offset to CONFIG_SYS_TEXT_BASE and return that address. User can
override the weak spl_get_load_buffer() function though.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
A message should be displayed if an image is loaded
to an FPGA, because the hardware might have changed,
and the user should be informed
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Verification of hashes needs to take place before any image post
processing, thus matching full FIT image processing.
This allows mechanisms such as encryption be applied to images
prior to fit generation at the spl level.
Signed-off-by: Ben Whitten <ben.whitten@lairdtech.com>