[U-Boot] [PATCH v3 12/12] Add verified boot information and test

Simon Glass sjg at chromium.org
Fri Jun 14 00:33:19 CEST 2013 

Hi Tom,

On Thu, Jun 13, 2013 at 3:10 PM, Simon Glass <sjg at chromium.org> wrote:

> Add a description of how to implement verified boot using signed FIT
> images,
> and a simple test which verifies operation on sandbox.
>
> The test signs a FIT image and verifies it, then signs a FIT configuration
> and verifies it. Then it corrupts the signature to check that this is
> detected.
>
> Signed-off-by: Simon Glass <sjg at chromium.org>
>

If it helps, here are the results of my build for this series (and the
trace one). No new failures but you can see quite a few problems with
Xscale.

 ./tools/buildman/buildman -b us-vboot9c -s
Summary of 35 commits for 1124 boards (32 threads, 1 job per thread)
01: pci: introduce CONFIG_PCI_INDIRECT_BRIDGE option
  blackfin: +   bf561-acvilon cm-bf561 blackstamp br4 bct-brettl2 cm-bf527
dnp5370 bf506f-ezkit ip04 bf527-sdp bf609-ezkit bf537-stamp bf527-ezkit-v2
cm-bf537e tcm-bf518 cm-bf537u bf527-ezkit bf537-pnav cm-bf533 pr1
bf533-ezkit ibf-dsp561 bf537-srv1 cm-bf548 bf537-minotaur bf538f-ezkit
bf548-ezkit bf525-ucr2 blackvme tcm-bf537 bf533-stamp bf518f-ezbrd
bf527-ad7160-eval bf526-ezbrd bf561-ezkit
      m68k: +   M54455EVB_a66 M5329AFEE M5249EVB idmr M5208EVBE M5475FFE
M54451EVB astro_mcf5373l M54418TWR_serial_rmii M54455EVB_intel M5282EVB
M54455EVB_i66 M5475GFE M5253DEMO M54455EVB_stm33 M5485BFE M5485DFE
M5329BFEE M52277EVB M5475EFE M5475CFE M5485AFE M53017EVB M5475AFE M5485HFE
M5235EVB M5253EVBE M54418TWR_nand_mii M54418TWR_nand_rmii_lowfreq TASREG
cobra5272 M5475BFE M5475DFE M5275EVB M52277EVB_stmicro eb_cpu5282
eb_cpu5282_internal M54451EVB_stmicro M5271EVB M5485GFE M5485EFE M5485FFE
M54418TWR M5235EVB_Flash32 M5373EVB M54418TWR_nand_rmii
M54418TWR_serial_mii M5485CFE M54455EVB M5272C3
   powerpc: +   MVBLM7 MVSMR lcd4_lwmon5
        sh: +   rsk7269 rsk7264 sh7757lcr sh7752evb rsk7203
microblaze: +   microblaze-generic
  openrisc: +   openrisc-generic
       arm: +   palmtc zipitz2 VCMA9 lubbock zynq_dcc vpac270_nor_128
colibri_pxa270 kzm9g zynq xaeniax polaris pxa255_idp vpac270_ond_256
vpac270_nor_256 smdk2410 h2200 balloon3 palmld trizepsiv
     nds32: +   adp-ag101p adp-ag102 adp-ag101
02: pci: Convert extern inline functions to static inline
03: x86: Correct missing local variable in bootm
04: Fix missing return in do_mem_loop()
05: Show stdout on error in fit-test
06: bootstage: Correct printf types
07: Add function to print a number with grouped digits
08: Add trace library
09: Add a trace command
10: Support tracing in config.mk when enabled
11: Add trace support to generic board
12: Add proftool to decode profile data
13: sandbox: Support trace feature
14: Add a simple test for sandbox trace
15: Clarify bootm OS arguments
16: Refactor the bootm command to reduce code duplication
17: Add a 'fake' go command to the bootm command
18: arm: Implement the 'fake' go command
19: exynos: Avoid function instrumentation for microsecond timer
20: exynos: config: Add tracing options
21: x86: Support tracing function
22: x86: config: Add tracing options
23: wip
24: image: Add signing infrastructure
25: image: Support signing of images
26: image: Add RSA support for image signing
27: mkimage: Add -k option to specify key directory
28: mkimage: Add -K to write public keys to an FDT blob
29: mkimage: Add -F option to modify an existing .fit file
30: mkimage: Add -c option to specify a comment for key signing
31: mkimage: Add -r option to specify keys that must be verified
32: libfdt: Add fdt_find_regions()
33: image: Add support for signing of FIT configurations
34: sandbox: config: Enable FIT signatures with RSA
35: Add verified boot information and test

Regards,
Simon

More information about the U-Boot mailing list