[U-Boot] [PATCH v3 0/14] Minor improvements to secure boot and enable on beaglebone

Simon Glass sjg at chromium.org
Tue Jun 3 06:04:43 CEST 2014 

This series fixes a few problems that have come up since the secure boot
series was merged:

- A recent commit broken the assumption that u-boot.bin ends at a known
address (thus making things appended to U-Boot inaccessible from the code).
This is fixed for Beaglebone and a few other boards. A new test is added to
the Makefile to ensure that it does not break again. All boards have been
tested to make sure the problem does not appear elsewhere.

- A way is needed to provide an externally-build device tree binary for
U-Boot. This allows signing to happen outside the U-Boot build system.

- The .img files generated by an OMAP build need to include the FDT if one
is appended.

- Adding signatures to an FDT can cause the FDT to run out of space. The
fix is to regenerate the FDT from scratch with different dtc parameters, so
pretty painful. Instead, we automatically expand the FDT.

The last commit enables verified boot on a Beaglebone Black with a special
configuration. Use 'am335x_boneblack_vboot' for this. This will soon disable
support for legacy images.

Changes in v3:
- Add new patch to ensure the hash section is inside the image for cm_t335
- Add new patch to ensure the hash section is inside the image for mx31ads
- Rebase to master and update commit message
- Fix typo in commit message
- Add new patch to improve error handling in fit_common
- Rebase to master
- Also enable LZO and timestamps, plus increase the maximum kernel size
- Use verified boot only on a new board - am335x_boneblack_vboot

Changes in v2:
- Add new patch to ensure the hash section is inside the image for am335x
- Add new patch to check u-boot.bin size against symbol table
- Update to cover all omap devices
- Adjust for kbuild changes
- Fix line over 80cols
- Move device tree files into arch/arm/dts

Simon Glass (14):
  ti: am335x: Fix the U-Boot binary output
  cm_t335: Fix the U-Boot binary output
  mx31ads: Fix the U-Boot binary output
  Check that u-boot.bin size looks correct
  am33xx/omap: Allow cache enable for all Sitara/OMAP
  hash: Export the function to show a hash
  fdt: Add DEV_TREE_BIN option to specify a device tree binary file
  fdt: Update functions which write to an FDT to return -ENOSPC
  Improve error handling in fit_common
  mkimage: Automatically make space in FDT when full
  arm: ti: Increase malloc size to 16MB for armv7 boards
  am33xx/omap: Enable CONFIG_OF_CONTROL
  am33xx/omap: Enable FIT support
  am33xx/omap: Add a new board to enable verified boot

 Makefile                                       |  16 +-
 arch/arm/cpu/armv7/am33xx/board.c              |   8 -
 arch/arm/cpu/armv7/omap-common/Makefile        |   4 +
 arch/arm/cpu/armv7/omap-common/hwinit-common.c |  42 --
 arch/arm/cpu/armv7/omap-common/omap-cache.c    |  56 +++
 arch/arm/cpu/armv7/omap3/board.c               |   8 -
 arch/arm/dts/Makefile                          |   1 +
 arch/arm/dts/am335x-bone-common.dtsi           | 262 ++++++++++
 arch/arm/dts/am335x-boneblack.dts              |  17 +
 arch/arm/dts/am33xx.dtsi                       | 649 +++++++++++++++++++++++++
 arch/arm/dts/dt-bindings/gpio/gpio.h           |  15 +
 arch/arm/dts/dt-bindings/pinctrl/am33xx.h      |  42 ++
 arch/arm/dts/dt-bindings/pinctrl/omap.h        |  55 +++
 arch/arm/dts/tps65217.dtsi                     |  56 +++
 board/compulab/cm_t335/u-boot.lds              |   4 +-
 board/freescale/mx31ads/u-boot.lds             |   4 +-
 board/ti/am335x/u-boot.lds                     |   3 +-
 boards.cfg                                     |   1 +
 common/hash.c                                  |   7 +-
 common/image-fit.c                             |   4 +-
 doc/README.fdt-control                         |  16 +-
 dts/Makefile                                   |   4 +
 include/configs/am335x_evm.h                   |  15 +
 include/configs/ti_armv7_common.h              |   2 +-
 include/hash.h                                 |  15 +
 include/rsa.h                                  |   3 +-
 lib/rsa/rsa-sign.c                             |  28 +-
 tools/fit_check_sign.c                         |   4 +-
 tools/fit_common.c                             |  49 +-
 tools/fit_common.h                             |  15 +-
 tools/fit_image.c                              | 112 +++--
 tools/fit_info.c                               |   2 +-
 tools/image-host.c                             |  26 +-
 33 files changed, 1390 insertions(+), 155 deletions(-)
 create mode 100644 arch/arm/cpu/armv7/omap-common/omap-cache.c
 create mode 100644 arch/arm/dts/am335x-bone-common.dtsi
 create mode 100644 arch/arm/dts/am335x-boneblack.dts
 create mode 100644 arch/arm/dts/am33xx.dtsi
 create mode 100644 arch/arm/dts/dt-bindings/gpio/gpio.h
 create mode 100644 arch/arm/dts/dt-bindings/pinctrl/am33xx.h
 create mode 100644 arch/arm/dts/dt-bindings/pinctrl/omap.h
 create mode 100644 arch/arm/dts/tps65217.dtsi

-- 
1.9.1.423.g4596e3a

More information about the U-Boot mailing list