[PATCH] arm: mach-k3: security: separate out validating binary logic
Tom Rini
trini at konsulko.com
Wed May 31 00:32:16 CEST 2023
On Thu, May 18, 2023 at 12:44:17PM +0530, Manorit Chawdhry wrote:
> K3 GP devices allows booting the secure binaries on them by bypassing
> the x509 header on them.
>
> ATF and OPTEE firewalling required the rproc_load to be called before
> authentication. This change caused the failure for GP devices that
> strips off the headers. The boot vector had been set before the headers
> were stripped off causing the runtime stripping to fail and stripping
> becoming in-effective.
>
> Separate out the secure binary check on GP/HS devices so that the
> boot_vector could be stripped before calling rproc_load. This allows
> keeping the authentication later when the cluster is on along with
> allowing the stripping of the binaries in case of gp devices.
>
> Fixes: 1e00e9be62e5 ("arm: mach-k3: common: re-locate authentication for atf/optee")
>
> Signed-off-by: Manorit Chawdhry <m-chawdhry at ti.com>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20230530/92b1c906/attachment.sig>
More information about the U-Boot
mailing list