mirror of
https://source.denx.de/u-boot/u-boot.git
synced 2026-06-13 15:03:58 +03:00
Yan WANG <yan.wang@softathome.com> says: This series improves the reliability and efficiency of binman preload header generation and test it against an encrypted FIT image signed with a preload header. When a preload header references other entries (e.g. an encrypted FIT) through the collection etype, the referenced entries may be rebuilt multiple times during binman processing. This becomes problematic when the referenced entry produces non-deterministic output, such as FIT encryption using random IVs or timestamps, since rebuilding the entry changes the data. This series ensures that referenced entries are built only once and that preload signing is performed after all data is collected. It also avoids unnecessary repacking or repeated signing operations by the preload. The changes include: * generate preload header placeholders in ObtainContents() and sign data only once in ProcessContentsUpdate() * mark referenced entries as build_done in the collection etype to avoid rebuilding data * add a functional test for signing an encrypted FIT with a preload header Link: https://lore.kernel.org/r/20260417083050.499955-1-yan.wang@softathome.com