From 5c643db4cc95c6ac6457731cb5bb75d6896e415b Mon Sep 17 00:00:00 2001
From: Jun Nie <jun.nie@linaro.org>
Date: Tue, 27 Feb 2018 16:55:58 +0800
Subject: SPL: Add signature verification when loading image

U-boot proper signature is not verified by SPL on most platforms
even config SPL_FIT_SIGNATURE is enabled. Only fsl-layerscape
platform support secure boot in platform specific code. So
verified boot cannot be achieved if u-boot proper is loaded by
SPL.

This patch add signature verification to u-boot proper images
when loading FIT image in SPL. It is tested on Allwinner bananapi
zero board with H2+ SoC.

Signed-off-by: Jun Nie <jun.nie@linaro.org>
---
 include/image.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include')

diff --git a/include/image.h b/include/image.h
index dbdaecbfdd3..88e17fc91eb 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1013,6 +1013,8 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
 			      const char *comment, int require_keys,
 			      const char *engine_id);
 
+int fit_image_verify_with_data(const void *fit, int image_noffset,
+			       const void *data, size_t size);
 int fit_image_verify(const void *fit, int noffset);
 int fit_config_verify(const void *fit, int conf_noffset);
 int fit_all_image_verify(const void *fit);
-- 
cgit v1.2.3