verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.
The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Acked-by: Sumit Garg <sumit.garg@nxp.com>
diff --git a/common/Makefile b/common/Makefile
index 1557a04..97c59fe 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -93,6 +93,7 @@
endif # !CONFIG_SPL_BUILD
ifdef CONFIG_SPL_BUILD
+obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o