[U-Boot] [PATCH v3 12/12] Add verified boot information and test
Simon Glass
sjg at chromium.org
Thu Jun 20 22:55:08 CEST 2013
Hi Tom,
On Thu, Jun 20, 2013 at 9:07 AM, Tom Rini <trini at ti.com> wrote:
> On Thu, Jun 13, 2013 at 03:33:19PM -0700, Simon Glass wrote:
> > Hi Tom,
> >
> > On Thu, Jun 13, 2013 at 3:10 PM, Simon Glass <sjg at chromium.org> wrote:
> >
> > > Add a description of how to implement verified boot using signed FIT
> > > images,
> > > and a simple test which verifies operation on sandbox.
> > >
> > > The test signs a FIT image and verifies it, then signs a FIT
> configuration
> > > and verifies it. Then it corrupts the signature to check that this is
> > > detected.
> > >
> > > Signed-off-by: Simon Glass <sjg at chromium.org>
> > >
> >
> > If it helps, here are the results of my build for this series (and the
> > trace one). No new failures but you can see quite a few problems with
> > Xscale.
>
> I _think_ Xscale is toolchain choice related. My question is, for
> arches which use --gc-sections, what is the size change from before to
> after, when not opting in on this?
>
Including both trace and verified boot series, the size drops a little for
ARM and powerpc:
$ ./tools/buildman/buildman -b us-vboot9d -sS arm powerpc --step 0
Summary of 2 commits for 955 boards (32 threads, 1 job per thread)
01: Merge branch 'master' of git://www.denx.de/git/u-boot-mmc
arm: + palmtc zipitz2 VCMA9 lubbock vpac270_nor_128 colibri_pxa270
kzm9g zynq_dcc zynq xaeniax polaris pxa255_idp vpac270_ond_256
vpac270_nor_256 smdk2410 balloon3 palmld trizepsiv h2200
powerpc: + MVBLM7 MVSMR lcd4_lwmon5
36: wip
arm: (for 290/314 boards) all -142.6 bss +4.5 data +27.1 rodata
-20.4 spl/u-boot-spl:all +1.9 spl/u-boot-spl:bss +0.0
spl/u-boot-spl:rodata +1.9 text -153.8
powerpc: (for 639/641 boards) all -190.2 bss +0.0 data +25.6 rodata
-12.2 spl/u-boot-spl:all +0.2 spl/u-boot-spl:rodata +0.2 text -203.6
(the wip commit is just a patman change). You can see the text size drops
by 100-200 bytes. This is all due to the bootm refactor which removed
duplicated code.
If you are interested you can see this in the detail view. Commit 16
removes quite a bit of code. Commit 25 adds up to 80 bytes of text.
$ ./tools/buildman/buildman -b us-vboot9d -sS arm powerpc
Summary of 36 commits for 955 boards (32 threads, 1 job per thread)
01: Merge branch 'master' of git://www.denx.de/git/u-boot-mmc
arm: + palmtc zipitz2 VCMA9 lubbock vpac270_nor_128 colibri_pxa270
kzm9g zynq_dcc zynq xaeniax polaris pxa255_idp vpac270_ond_256
vpac270_nor_256 smdk2410 balloon3 palmld trizepsiv h2200
powerpc: + MVBLM7 MVSMR lcd4_lwmon5
02: pci: Convert extern inline functions to static inline
03: x86: Correct missing local variable in bootm
04: Fix missing return in do_mem_loop()
05: Show stdout on error in fit-test
06: bootstage: Correct printf types
07: Add function to print a number with grouped digits
arm: (for 290/314 boards) all +6.0 bss -1.2 data +0.0 rodata
+7.2 spl/u-boot-spl:all +1.8 spl/u-boot-spl:bss -0.1
spl/u-boot-spl:rodata +1.9
powerpc: (for 639/641 boards) all +7.8 bss -0.0 rodata +4.8
spl/u-boot-spl:all +0.1 spl/u-boot-spl:rodata +0.1 text +3.0
08: Add trace library
arm: (for 290/314 boards) all +0.1 bss -0.0 data +0.1
spl/u-boot-spl:all +0.1 spl/u-boot-spl:bss +0.1
powerpc: (for 639/641 boards) all +0.0 bss +0.0
09: Add a trace command
10: Support tracing in config.mk when enabled
11: Add trace support to generic board
arm: (for 290/314 boards) all +2.7 bss -0.4 data +0.6 text +2.5
12: Add proftool to decode profile data
13: sandbox: Support trace feature
14: Add a simple test for sandbox trace
15: Clarify bootm OS arguments
arm: (for 290/314 boards) all +13.0 bss +1.1 text +12.0
powerpc: (for 639/641 boards) all +15.4 text +15.4
16: Refactor the bootm command to reduce code duplication
arm: (for 290/314 boards) all -352.1 bss +2.1 rodata -69.0 text
-285.2
powerpc: (for 639/641 boards) all -345.4 rodata -44.2 text -301.2
17: Add a 'fake' go command to the bootm command
arm: (for 290/314 boards) all +55.1 bss +0.1 data +26.2 rodata
+5.0 text +23.8
powerpc: (for 639/641 boards) all +42.5 data +25.6 rodata +3.2 text
+13.7
18: arm: Implement the 'fake' go command
arm: (for 290/314 boards) all +89.4 bss +4.5 rodata +25.0 text
+59.9
19: exynos: Avoid function instrumentation for microsecond timer
20: exynos: config: Add tracing options
arm: (for 290/314 boards) all +25.0 bss -0.1 data +0.2 rodata
+6.9 text +18.0
powerpc: (for 639/641 boards) all -0.0 text -0.0
21: x86: Support tracing function
powerpc: (for 639/641 boards) all +0.0 text +0.0
22: x86: config: Add tracing options
arm: (for 290/314 boards) all -0.9 bss -0.7 rodata -0.1
powerpc: (for 639/641 boards) all -0.4 rodata -0.4
23: wip
arm: (for 290/314 boards) all +0.9 bss +0.7 rodata +0.1
powerpc: (for 639/641 boards) all +0.4 rodata +0.4
24: image: Add signing infrastructure
arm: (for 290/314 boards) all -0.3 bss -0.4 data +0.1
25: image: Support signing of images
arm: (for 290/314 boards) all +18.9 bss -0.6 data -0.0 rodata
+4.5 text +15.1
powerpc: (for 639/641 boards) all +89.4 rodata +23.9
spl/u-boot-spl:all +0.1 spl/u-boot-spl:rodata +0.1 text +65.5
26: image: Add RSA support for image signing
powerpc: (for 639/641 boards) all +0.0 rodata +0.0
27: mkimage: Add -k option to specify key directory
powerpc: (for 639/641 boards) all +0.0 text +0.0
28: mkimage: Add -K to write public keys to an FDT blob
29: mkimage: Add -F option to modify an existing .fit file
powerpc: (for 639/641 boards) all -0.0 rodata -0.0 text -0.0
30: mkimage: Add -c option to specify a comment for key signing
powerpc: (for 639/641 boards) all -0.0 rodata -0.0 text +0.0
31: mkimage: Add -r option to specify keys that must be verified
powerpc: (for 639/641 boards) all +0.0 rodata +0.0
32: libfdt: Add fdt_find_regions()
arm: (for 290/314 boards) all -0.4 bss -0.4 data +0.0
33: image: Add support for signing of FIT configurations
arm: (for 290/314 boards) all +0.0 bss +0.1 data -0.0
34: sandbox: config: Enable FIT signatures with RSA
35: Add verified boot information and test
36: wip
Regards,
Simon
More information about the U-Boot
mailing list