arm: socfpga: Enable FIT signature with crc32 for SOC64 devices

Add signature with crc32 value for all images in binman node for FIT
image in device tree. And, enable FIT signature checking for Stratix10
and Agilex ATF and VAB sdmmc boot.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>

4 files changed, 37 insertions, 5 deletions

diff --git a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
index 4b304737437..84b91e8df09 100644
--- a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
+++ b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi
@@ -29,10 +29,12 @@
 					arch = "arm64";
 					compression = "none";
 					load = <0x00200000>;
-
 					uboot_blob: blob-ext {
 						filename = "u-boot-nodtb.bin";
 					};
+					hash {
+						algo = "crc32";
+					};
 				};
 
 				atf {
@@ -43,20 +45,24 @@
 					compression = "none";
 					load = <0x00001000>;
 					entry = <0x00001000>;
-
 					atf_blob: blob-ext {
 						filename = "bl31.bin";
 					};
+					hash {
+						algo = "crc32";
+					};
 				};
 
 				fdt {
 					description = "U-Boot SoC64 flat device-tree";
 					type = "flat_dt";
 					compression = "none";
-
 					uboot_fdt_blob: blob-ext {
 						filename = "u-boot.dtb";
 					};
+					hash {
+						algo = "crc32";
+					};
 				};
 			};
 
@@ -67,6 +73,11 @@
 					firmware = "atf";
 					loadables = "uboot";
 					fdt = "fdt";
+					signature {
+						algo = "crc32";
+						key-name-hint = "dev";
+						sign-images = "atf", "fdt", "uboot";
+					};
 				};
 			};
 		};
@@ -87,10 +98,12 @@
 					compression = "none";
 					load = <0x4080000>;
 					entry = <0x4080000>;
-
 					kernel_blob: blob-ext {
 						filename = "Image";
 					};
+					hash {
+						algo = "crc32";
+					};
 				};
 
 				fdt {
@@ -98,10 +111,12 @@
 					type = "flat_dt";
 					arch = "arm64";
 					compression = "none";
-
 					kernel_fdt_blob: blob-ext {
 						filename = "linux.dtb";
 					};
+					hash {
+						algo = "crc32";
+					};
 				};
 			};
 
@@ -111,6 +126,11 @@
 					description = "Intel SoC64 FPGA";
 					kernel = "kernel";
 					fdt = "fdt";
+					signature {
+						algo = "crc32";
+						key-name-hint = "dev";
+						sign-images = "fdt", "kernel";
+					};
 				};
 			};
 		};
diff --git a/configs/socfpga_agilex_atf_defconfig b/configs/socfpga_agilex_atf_defconfig
index 7adda02b000..e5b7f4b52a3 100644
--- a/configs/socfpga_agilex_atf_defconfig
+++ b/configs/socfpga_agilex_atf_defconfig
@@ -14,6 +14,10 @@ CONFIG_IDENT_STRING="socfpga_agilex"
 CONFIG_SPL_FS_FAT=y
 CONFIG_DEFAULT_DEVICE_TREE="socfpga_agilex_socdk"
 CONFIG_FIT=y
+CONFIG_FIT_SIGNATURE=y
+CONFIG_FIT_SIGNATURE_MAX_SIZE=0x10000000
+CONFIG_SPL_FIT_SIGNATURE=y
+CONFIG_SPL_CRC32_SUPPORT=y
 CONFIG_SPL_LOAD_FIT=y
 CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
 # CONFIG_USE_SPL_FIT_GENERATOR is not set
diff --git a/configs/socfpga_agilex_vab_defconfig b/configs/socfpga_agilex_vab_defconfig
index bca663ed617..fac9cf72e5c 100644
--- a/configs/socfpga_agilex_vab_defconfig
+++ b/configs/socfpga_agilex_vab_defconfig
@@ -15,6 +15,10 @@ CONFIG_IDENT_STRING="socfpga_agilex"
 CONFIG_SPL_FS_FAT=y
 CONFIG_DEFAULT_DEVICE_TREE="socfpga_agilex_socdk"
 CONFIG_FIT=y
+CONFIG_FIT_SIGNATURE=y
+CONFIG_FIT_SIGNATURE_MAX_SIZE=0x10000000
+CONFIG_SPL_FIT_SIGNATURE=y
+CONFIG_SPL_CRC32_SUPPORT=y
 CONFIG_SPL_LOAD_FIT=y
 CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
 # CONFIG_USE_SPL_FIT_GENERATOR is not set
diff --git a/configs/socfpga_stratix10_atf_defconfig b/configs/socfpga_stratix10_atf_defconfig
index 8dbb7424ba8..7466025bc00 100644
--- a/configs/socfpga_stratix10_atf_defconfig
+++ b/configs/socfpga_stratix10_atf_defconfig
@@ -14,6 +14,10 @@ CONFIG_IDENT_STRING="socfpga_stratix10"
 CONFIG_SPL_FS_FAT=y
 CONFIG_DEFAULT_DEVICE_TREE="socfpga_stratix10_socdk"
 CONFIG_FIT=y
+CONFIG_FIT_SIGNATURE=y
+CONFIG_FIT_SIGNATURE_MAX_SIZE=0x10000000
+CONFIG_SPL_FIT_SIGNATURE=y
+CONFIG_SPL_CRC32_SUPPORT=y
 CONFIG_SPL_LOAD_FIT=y
 CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000
 # CONFIG_USE_SPL_FIT_GENERATOR is not set