mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-09-28 18:32:08 +00:00
a77f468099
The build system already automatically looks for and includes an in-tree *-u-boot.dtsi when building the control .dtb. However, there are some things that are awkward to maintain in such an in-tree file, most notably the metadata associated to public keys used for verified boot. The only "official" API to get that metadata into the .dtb is via mkimage, as a side effect of building an actual signed image. But there are multiple problems with that. First of all, the final U-Boot (be it U-Boot proper or an SPL) image is built based on a binary image, the .dtb, and possibly some other binary artifacts. So modifying the .dtb after the build requires the meta-buildsystem (Yocto, buildroot, whatnot) to know about and repeat some of the steps that are already known to and handled by U-Boot's build system, resulting in needless duplication of code. It's also somewhat annoying and inconsistent to have a .dtb file in the build folder which is not generated by the command listed in the corresponding .cmd file (that of course applies to any generated file). So the contents of the /signature node really needs to be baked into the .dtb file when it is first created, which means providing the relevant data in the form of a .dtsi file. One could in theory put that data into the *-u-boot.dtsi file, but it's more convenient to be able to provide it externally: For example, when developing for a customer, it's common to use a set of dummy keys for development, while the consultants do not (and should not) have access to the actual keys used in production. For such a setup, it's easier if the keys used are chosen via the meta-buildsystem and the path(s) patched in during the configure step. And of course, nothing prevents anybody from having DEVICE_TREE_INCLUDES point at files maintained in git, or for that matter from including the public key metadata in the *-u-boot.dtsi directly and ignore this feature. There are other uses for this, e.g. in combination with ENV_IMPORT_FDT it can be used for providing the contents of the /config/environment node, so I don't want to tie this exclusively to use for verified boot. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Fix doc formatting error (make htmldocs) Signed-off-by: Simon Glass <sjg@chromium.org> |
||
|---|---|---|
| .. | ||
| basic | ||
| coccinelle | ||
| dtc | ||
| kconfig | ||
| .gitignore | ||
| bin2c.c | ||
| binutils-version.sh | ||
| build-cb.sh | ||
| build-efi.sh | ||
| build-whitelist.sh | ||
| build_OID_registry | ||
| check-config.sh | ||
| check-of.sh | ||
| checkpatch.pl | ||
| checkstack.pl | ||
| clang-version.sh | ||
| cleanpatch | ||
| coccicheck | ||
| config_whitelist.txt | ||
| const_structs.checkpatch | ||
| coreboot.sed | ||
| decodecode | ||
| documentation-file-ref-check | ||
| dtc-version.sh | ||
| env2string.awk | ||
| gcc-stack-usage.sh | ||
| gcc-version.sh | ||
| gen_ll_addressable_symbols.sh | ||
| get_default_envs.sh | ||
| get_maintainer.pl | ||
| Kbuild.include | ||
| Kconfig.include | ||
| kernel-doc | ||
| ld-version.sh | ||
| Lindent | ||
| mailmapper | ||
| Makefile | ||
| Makefile.autoconf | ||
| Makefile.build | ||
| Makefile.clean | ||
| Makefile.extrawarn | ||
| Makefile.host | ||
| Makefile.lib | ||
| Makefile.spl | ||
| Makefile.uncmd_spl | ||
| mkmakefile | ||
| objdiff | ||
| of_allowlist.txt | ||
| pylint.base | ||
| setlocalversion | ||
| show-gnu-make | ||
| spdxcheck.py | ||
| spelling.txt | ||