net: fm: Add support for FIT firmware

Fman microcode is executable code (AFAICT) loaded into a
coprocessor. As such, if verified boot is enabled, it must be verified
like other executable code. However, this is not currently done.

This commit adds verified boot functionality by encapsulating the
microcode in a FIT, which can then be signed/verified as normal. By
default we allow fallback to unencapsulated firmware, but if
CONFIG_FIT_SIGNATURE is enabled, then we make it mandatory. Because
existing Layerscape do not use this config (instead enabling
CONFIG_CHAIN_OF_TRUST), this should not break any existing boards.

An example (mildly-abbreviated) its is provided below:

/ {
    #address-cells = <1>;

    images {
        firmware {
            data = /incbin/(/path/to/firmware);
            type = "firmware";
            arch = "arm64";
            compression = "none";
	    signature {
                algo = "sha256,rsa2048";
                key-name-hint = "your key name";
            };
        };
    };

    configurations {
        default = "conf";
        conf {
            description = "Load FMAN microcode";
            fman = "firmware";
        };
    };
};

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
1 file changed