No support for FIT images building?

bootlin / buildroot-external-st

External Buildroot tree for STMicroelectronics boards configurations

48 stars 26 forks source link

No support for FIT images building? #45

Closed aatanas closed 7 months ago

aatanas commented 8 months ago

I could not figure out how to build FIT images using this setup on 157F-DK2, any help would be very much appreciated !

aatanas commented 8 months ago

Ok I figured out how to do manually after the buildroot build process, but it would be nice for it to be supported natively if its already not ? :)

kmaincent commented 8 months ago

There is no generic Makefile way to do fitImage. It is usually done by enabling BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SUPPORT configuration and building the fitImage in a post-image.sh script. See these boards as examples: board/arcturus/aarch64-ucls1012a/post-image.sh board/aspeed/common/post-image.sh

aatanas commented 8 months ago

Ok, thank you. Now if i understood correctly, there is also no built-in way in Uboot to load exclusively signed FIT images, you could set it up to require verification but that only applies while loading FIT, nothing is there to prevent loading other types of unsigned images like zImage etc. so source-code modification is required for this type of behavior ?

kmaincent commented 8 months ago

Yes, but why do you want to lock the other boot mechanism? If you want to boot only your images you should disable the U-boot prompt access, configure bootcmd to boot your fitImage and sign your fitImage.

aatanas commented 8 months ago

Ok, thanks, also it seems there is an option to force only FIT images: CONFIG_LEGACY_IMAGE_FORMAT :)

kmaincent commented 7 months ago

I still don't understand why you want to force FIT images but if it is okay for you I can close the issue.

tpetazzoni commented 7 months ago

Ok, thank you. Now if i understood correctly, there is also no built-in way in Uboot to load exclusively signed FIT images, you could set it up to require verification but that only applies while loading FIT, nothing is there to prevent loading other types of unsigned images like zImage etc. so source-code modification is required for this type of behavior ?

I'm pretty sure there is a U-Boot configuration setting to prevent unsigned images from being loaded. However, this is really a U-Boot question, not a Buildroot/ST question, so I suggest to discuss this on the U-Boot mailing list instead.