Questions on U-boot Verified Boot with CAmkES-ARM-VM
Hi all,

I’m trying to test secure boot with the CAmkES-arm-vm. I found that U-boot has its implementation of secure boot called verified boot, but it seems to only support the FIT image format. I’m wondering whether there is a way to convert the final ELF image to a FIT image. I’m studying the details of different boot image formats. I’m not sure how it would work with the seL4 CAmkES demo specifically, since there are so many binary files and cpio archives packed in the final ELF image. Would love to hear your opinions. Thank you very much!

Best Regards
-Daniel Wang
Hi Daniel,

We do not have experience with U-Boot's secure boot, so we cannot provide much help. My shallow understanding of FIT is that any image U-Boot can normally boot you can put in the FIT, although perhaps it might need to be a binary format. Certainly you shouldn't need to be unpacking the ELF image into multiple binaries.

Not sure what you are looking for from your flavour of 'secure boot', but as an alternative to U-Boot's secure boot there was some work done in the Elfloader to hash the images prior to loading and validate them. Unfortunately this has probably bitrotted, since the option to support it was only in the Kbuild+Make system (https://github.com/seL4/seL4_tools/blob/master/elfloader-tool/Kconfig#L83) and hasn't been ported to the CMake build system, but it might provide a place to start.

Adrian

On Fri 23-Mar-2018 5:25 PM, Daniel Wang wrote:
Hi all,

I’m trying to test secure boot with the CAmkES-arm-vm. I found that U-boot has its implementation of secure boot called verified boot, but it seems to only support the FIT image format. I’m wondering whether there is a way to convert the final ELF image to a FIT image. I’m studying the details of different boot image formats. I’m not sure how it would work with the seL4 CAmkES demo specifically, since there are so many binary files and cpio archives packed in the final ELF image. Would love to hear your opinions. Thank you very much!

Best Regards
-Daniel Wang