[U-Boot] [PATCH v2 0/11] Minor improvements to secure boot and enable on beaglebone
Simon Glass
sjg at chromium.org
Wed Apr 16 16:41:33 CEST 2014
This series fixes a few problems that have come up since the secure boot
series was merged:
- A recent commit broken the assumption that u-boot.bin ends at a known
address (thus making things appended to U-Boot inaccessible from the code).
This is fixed for Beaglebone and also a new test is added to the Makefile
to ensure that it does not break again. All boards have been tested.
- A way is needed to provide an externally-build device tree binary for
U-Boot. This allows signing to happen outside the U-Boot build system.
- The .img files generated by an OMAP build need to include the FDT if one
is appended.
- Adding signatures to an FDT can cause the FDT to run out of space. The
fix is to regenerate the FDT from scratch with different dtc parameters, so
pretty painful. Instead, we automatically expand the FDT.
The last two commits enable secure boot on Beaglebone (this will have no
effect unless signed images are used). This could be moved to a separate
configuration if required, or these patches could even be ignored:
am33xx/omap: Enable FIT support
am33xx/omap: Enable secure boot with CONFIG_FIT_SIGNATURE
This series has been run through buildman:
/tools/buildman/buildman -b talk2 -s
Summary of 12 commits for 1210 boards (32 threads, 1 job per thread)
01: Prepare v2014.04
blackfin: + bf609-ezkit
m68k: + M54455EVB_a66 M5329AFEE M5249EVB M5208EVBE eb_cpu5282
M54451EVB astro_mcf5373l M54418TWR_serial_rmii M54455EVB_intel M5475FFE
M5282EVB M54455EVB_i66 M5475GFE M5253DEMO M54455EVB_stm33 M5485BFE M5485DFE
TASREG M5329BFEE M52277EVB M5475EFE M5475CFE cobra5272 M5485AFE M53017EVB
M5485HFE M5235EVB M5253EVBE M54418TWR_nand_mii M54418TWR_nand_rmii_lowfreq
M5475BFE M54418TWR_nand_rmii M5475DFE M5275EVB M52277EVB_stmicro
eb_cpu5282_internal M54451EVB_stmicro M5485GFE M5373EVB M5485EFE M5485FFE
M54418TWR M5235EVB_Flash32 M54418TWR_serial_mii M5485CFE M54455EVB M5475AFE
M5272C3
powerpc: + SIMPC8313_SP P1023RDS_NAND MPC8569MDS_NAND P2020RDB_NAND
MPC8536DS_NAND P1020RDB_NAND MPC8315ERDB_NAND P1011RDB_NAND SIMPC8313_LP
MPC8572DS_NAND P2010RDB_NAND
sparc: + grsim grsim_leon2 gr_cpci_ax2000 gr_xc3s_1500 gr_ep2s60
sh: + rsk7269 rsk7264 rsk7203
nios2: + nios2-generic PK1C20
microblaze: + microblaze-generic
openrisc: + openrisc-generic
arm: + tricorder tricorder_flash
02: Check that u-boot.bin size looks correct
arm: + am335x_evm_uart5 am335x_evm_uart4 am335x_evm_uart1
am335x_evm_uart3 am335x_boneblack am335x_evm_usbspl am335x_evm_nor
cm_t335 am335x_evm_norboot am335x_evm_spiboot am335x_evm am335x_evm_uart2
mx31ads
03: ti: am335x: Fix the U-Boot binary output
arm: am335x_evm_uart5 am335x_evm_uart4 am335x_evm_uart1
am335x_evm_uart3 am335x_boneblack am335x_evm_usbspl am335x_evm_nor
am335x_evm_norboot am335x_evm_spiboot am335x_evm am335x_evm_uart2
04: am33xx/omap: Allow cache enable for all Sitara/OMAP
05: hash: Export functions to find and show hash
06: fdt: Add DEV_TREE_BIN option to specify a device tree binary file
07: fdt: Update functions which write to an FDT to return -ENOSPC
08: mkimage: Automatically make space in FDT when full
09: arm: ti: Increase malloc size to 16MB for armv7 boards
10: am33xx/omap: Enable CONFIG_OF_CONTROL
11: am33xx/omap: Enable FIT support
12: am33xx/omap: Enable secure boot with CONFIG_FIT_SIGNATURE
The breakage in 02 is because I add the check before fixing the problem, in
order to verify what is affected. The order can be changed when applying if
required.
Changes in v2:
- Add new patch to check u-boot.bin size against symbol table
- Add new patch to ensure the hash section is inside the image for am335x
- Update to cover all omap devices
- Adjust for kbuild changes
- Fix line over 80cols
- Move device tree files into arch/arm/dts
Simon Glass (11):
Check that u-boot.bin size looks correct
ti: am335x: Fix the U-Boot binary output
am33xx/omap: Allow cache enable for all Sitara/OMAP
hash: Export functions to find and show hash
fdt: Add DEV_TREE_BIN option to specify a device tree binary file
fdt: Update functions which write to an FDT to return -ENOSPC
mkimage: Automatically make space in FDT when full
arm: ti: Increase malloc size to 16MB for armv7 boards
am33xx/omap: Enable CONFIG_OF_CONTROL
am33xx/omap: Enable FIT support
am33xx/omap: Enable secure boot with CONFIG_FIT_SIGNATURE
Makefile | 16 +-
arch/arm/cpu/armv7/am33xx/board.c | 8 -
arch/arm/cpu/armv7/omap-common/Makefile | 4 +
arch/arm/cpu/armv7/omap-common/hwinit-common.c | 42 --
arch/arm/cpu/armv7/omap-common/omap-cache.c | 56 +++
arch/arm/cpu/armv7/omap3/board.c | 8 -
arch/arm/dts/Makefile | 1 +
arch/arm/dts/am335x-bone-common.dtsi | 262 ++++++++++
arch/arm/dts/am335x-boneblack.dts | 17 +
arch/arm/dts/am33xx.dtsi | 649 +++++++++++++++++++++++++
arch/arm/dts/dt-bindings/gpio/gpio.h | 15 +
arch/arm/dts/dt-bindings/pinctrl/am33xx.h | 42 ++
arch/arm/dts/dt-bindings/pinctrl/omap.h | 55 +++
arch/arm/dts/tps65217.dtsi | 56 +++
board/ti/am335x/u-boot.lds | 3 +-
common/hash.c | 13 +-
common/image-fit.c | 4 +-
doc/README.fdt-control | 16 +-
dts/Makefile | 4 +
include/configs/am335x_evm.h | 9 +
include/configs/ti_armv7_common.h | 2 +-
include/hash.h | 22 +
include/rsa.h | 3 +-
lib/rsa/rsa-sign.c | 28 +-
tools/fit_image.c | 165 +++++--
tools/image-host.c | 26 +-
26 files changed, 1381 insertions(+), 145 deletions(-)
create mode 100644 arch/arm/cpu/armv7/omap-common/omap-cache.c
create mode 100644 arch/arm/dts/am335x-bone-common.dtsi
create mode 100644 arch/arm/dts/am335x-boneblack.dts
create mode 100644 arch/arm/dts/am33xx.dtsi
create mode 100644 arch/arm/dts/dt-bindings/gpio/gpio.h
create mode 100644 arch/arm/dts/dt-bindings/pinctrl/am33xx.h
create mode 100644 arch/arm/dts/dt-bindings/pinctrl/omap.h
create mode 100644 arch/arm/dts/tps65217.dtsi
--
1.9.1.423.g4596e3a
More information about the U-Boot
mailing list