[U-Boot] [PATCH v3 0/14] Minor improvements to secure boot and enable on beaglebone

Tom Rini trini at ti.com
Thu Jun 12 00:18:27 CEST 2014


On Mon, Jun 02, 2014 at 10:04:43PM -0600, Simon Glass wrote:

> This series fixes a few problems that have come up since the secure boot
> series was merged:
> 
> - A recent commit broken the assumption that u-boot.bin ends at a known
> address (thus making things appended to U-Boot inaccessible from the code).
> This is fixed for Beaglebone and a few other boards. A new test is added to
> the Makefile to ensure that it does not break again. All boards have been
> tested to make sure the problem does not appear elsewhere.
> 
> - A way is needed to provide an externally-build device tree binary for
> U-Boot. This allows signing to happen outside the U-Boot build system.
> 
> - The .img files generated by an OMAP build need to include the FDT if one
> is appended.
> 
> - Adding signatures to an FDT can cause the FDT to run out of space. The
> fix is to regenerate the FDT from scratch with different dtc parameters, so
> pretty painful. Instead, we automatically expand the FDT.
> 
> The last commit enables verified boot on a Beaglebone Black with a special
> configuration. Use 'am335x_boneblack_vboot' for this. This will soon disable
> support for legacy images.
> 
> Changes in v3:
> - Add new patch to ensure the hash section is inside the image for cm_t335
> - Add new patch to ensure the hash section is inside the image for mx31ads
> - Rebase to master and update commit message
> - Fix typo in commit message
> - Add new patch to improve error handling in fit_common
> - Rebase to master
> - Also enable LZO and timestamps, plus increase the maximum kernel size
> - Use verified boot only on a new board - am335x_boneblack_vboot
> 
> Changes in v2:
> - Add new patch to ensure the hash section is inside the image for am335x
> - Add new patch to check u-boot.bin size against symbol table
> - Update to cover all omap devices
> - Adjust for kbuild changes
> - Fix line over 80cols
> - Move device tree files into arch/arm/dts

Note that I applied this directly to master since it's largely TI boards
or generic code, I hope you don't mind Albert.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140611/800f9765/attachment.pgp>


More information about the U-Boot mailing list