-endmenu # General setup
-
-menu "Boot images"
-
-config ANDROID_BOOT_IMAGE
- bool "Enable support for Android Boot Images"
- default y if FASTBOOT
- help
- This enables support for booting images which use the Android
- image format header.
-
-config FIT
- bool "Support Flattened Image Tree"
- select MD5
- select SHA1
- help
- This option allows you to boot the new uImage structure,
- Flattened Image Tree. FIT is formally a FDT, which can include
- images of various types (kernel, FDT blob, ramdisk, etc.)
- in a single blob. To boot this new uImage structure,
- pass the address of the blob to the "bootm" command.
- FIT is very flexible, supporting compression, multiple images,
- multiple configurations, verification through hashing and also
- verified boot (secure boot using RSA).
-
-if FIT
-
-config FIT_EXTERNAL_OFFSET
- hex "FIT external data offset"
- default 0x0
- help
- This specifies a data offset in fit image.
- The offset is from data payload offset to the beginning of
- fit image header. When specifies a offset, specific data
- could be put in the hole between data payload and fit image
- header, such as CSF data on i.MX platform.
-
-config FIT_ENABLE_SHA256_SUPPORT
- bool "Support SHA256 checksum of FIT image contents"
- default y
- select SHA256
- help
- Enable this to support SHA256 checksum of FIT image contents. A
- SHA256 checksum is a 256-bit (32-byte) hash value used to check that
- the image contents have not been corrupted.
-
-config FIT_ENABLE_SHA384_SUPPORT
- bool "Support SHA384 checksum of FIT image contents"
- default n
- select SHA384
- help
- Enable this to support SHA384 checksum of FIT image contents. A
- SHA384 checksum is a 384-bit (48-byte) hash value used to check that
- the image contents have not been corrupted. Use this for the highest
- security.
-
-config FIT_ENABLE_SHA512_SUPPORT
- bool "Support SHA512 checksum of FIT image contents"
- default n
- select SHA512
- help
- Enable this to support SHA512 checksum of FIT image contents. A
- SHA512 checksum is a 512-bit (64-byte) hash value used to check that
- the image contents have not been corrupted.
-
-config FIT_SIGNATURE
- bool "Enable signature verification of FIT uImages"
- depends on DM
- select HASH
- select RSA
- select RSA_VERIFY
- select IMAGE_SIGN_INFO
- help
- This option enables signature verification of FIT uImages,
- using a hash signed and verified using RSA. If
- CONFIG_SHA_PROG_HW_ACCEL is defined, i.e support for progressive
- hashing is available using hardware, then the RSA library will use
- it. See doc/uImage.FIT/signature.txt for more details.
-
- WARNING: When relying on signed FIT images with a required signature
- check the legacy image format is disabled by default, so that
- unsigned images cannot be loaded. If a board needs the legacy image
- format support in this case, enable it using
- CONFIG_LEGACY_IMAGE_FORMAT.
-
-config FIT_SIGNATURE_MAX_SIZE
- hex "Max size of signed FIT structures"
- depends on FIT_SIGNATURE
- default 0x10000000
- help
- This option sets a max size in bytes for verified FIT uImages.
- A sane value of 256MB protects corrupted DTB structures from overlapping
- device memory. Assure this size does not extend past expected storage
- space.
-
-config FIT_ENABLE_RSASSA_PSS_SUPPORT
- bool "Support rsassa-pss signature scheme of FIT image contents"
- depends on FIT_SIGNATURE
- default n
- help
- Enable this to support the pss padding algorithm as described
- in the rfc8017 (https://tools.ietf.org/html/rfc8017).
-
-config FIT_CIPHER
- bool "Enable ciphering data in a FIT uImages"
- depends on DM
- select AES
- help
- Enable the feature of data ciphering/unciphering in the tool mkimage
- and in the u-boot support of the FIT image.
-
-config FIT_VERBOSE
- bool "Show verbose messages when FIT images fail"
- help
- Generally a system will have valid FIT images so debug messages
- are a waste of code space. If you are debugging your images then
- you can enable this option to get more verbose information about
- failures.
-
-config FIT_BEST_MATCH
- bool "Select the best match for the kernel device tree"
- help
- When no configuration is explicitly selected, default to the
- one whose fdt's compatibility field best matches that of
- U-Boot itself. A match is considered "best" if it matches the
- most specific compatibility entry of U-Boot's fdt's root node.
- The order of entries in the configuration's fdt is ignored.
-
-config FIT_IMAGE_POST_PROCESS
- bool "Enable post-processing of FIT artifacts after loading by U-Boot"
- depends on TI_SECURE_DEVICE
- help
- Allows doing any sort of manipulation to blobs after they got extracted
- from FIT images like stripping off headers or modifying the size of the
- blob, verification, authentication, decryption etc. in a platform or
- board specific way. In order to use this feature a platform or board-
- specific implementation of board_fit_image_post_process() must be
- provided. Also, anything done during this post-processing step would
- need to be comprehended in how the images were prepared before being
- injected into the FIT creation (i.e. the blobs would have been pre-
- processed before being added to the FIT image).
-
-if SPL
-
-config SPL_FIT
- bool "Support Flattened Image Tree within SPL"
- depends on SPL
- select SPL_OF_LIBFDT
-
-config SPL_FIT_PRINT
- bool "Support FIT printing within SPL"
- depends on SPL_FIT
- help
- Support printing the content of the fitImage in a verbose manner in SPL.
-
-config SPL_FIT_SIGNATURE
- bool "Enable signature verification of FIT firmware within SPL"
- depends on SPL_DM
- select SPL_FIT
- select SPL_CRYPTO_SUPPORT
- select SPL_HASH_SUPPORT
- select SPL_RSA
- select SPL_RSA_VERIFY
- select SPL_IMAGE_SIGN_INFO
-
-config SPL_LOAD_FIT
- bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)"
- select SPL_FIT
- help
- Normally with the SPL framework a legacy image is generated as part
- of the build. This contains U-Boot along with information as to
- where it should be loaded. This option instead enables generation
- of a FIT (Flat Image Tree) which provides more flexibility. In
- particular it can handle selecting from multiple device tree
- and passing the correct one to U-Boot.
-
-config SPL_LOAD_FIT_ADDRESS
- hex "load address of fit image"
- depends on SPL_LOAD_FIT
- default 0x0