[U-Boot] [PATCH 0/8] Secure boot improvements and test on Beaglebone Black

Simon Glass sjg at chromium.org
Thu Dec 26 21:05:31 CET 2013


Hi Tom,

On 20 December 2013 11:59, Tom Rini <trini at ti.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/06/2013 06:36 PM, Simon Glass wrote:
> > Hi Tom,
> >
> > On 2 October 2013 08:44, Simon Glass <sjg at chromium.org> wrote:
> >> This series adds a few improvements to the image signing feature to
> >> make it easier to use on the Beaglebone Black.
> >>
> >> - Add a DEV_TREE_BIN option to make it easier to include the correct FDT
> >> (with embedded public keys) into the U-Boot image
> >> - Enable cache for more TI boards (to speed things up)
> >> - Increase malloc size
> >> - Enable CONFIG_OF_CONTROL, FIT and secure boot on am33xx/omap
> >>     (RFC only, not sure we want this, although we could create a
> separate
> >>      config for it)
> >>
> >> I also have a change to adjust mkimage to automatically make space in
> the
> >> FDT when adding hashes and signatures. Included here is the ENOSPC
> patch,
> >> but the fit_image.c patch will wait until the dumpimage tool is merged,
> >> since I am changing the same code.
> >>
> >> With this, secure boot was tested successfully on Beaglebone Black.
> >
> > Do you think any of these patches should be applied?
>
> Sorry I've taken so long to cycle back on this.  At the high level, I'm
> OK with it.  But we need to make sure we can do these features
> optionally, perhaps with a separate build?
>

Do you think we should apply the ones except for the secure boot stuff
(marked RFC)?

Regards,
Simon


More information about the U-Boot mailing list