[U-Boot] [PATCH] Add bootscript support to esbc_validate.

Ruchika Gupta ruchika.gupta at freescale.com
Tue Mar 10 17:25:18 CET 2015


Hi York,

> -----Original Message-----
> From: Sun York-R58495
> Sent: Tuesday, March 10, 2015 9:45 PM
> To: Rana Gaurav-B46163; u-boot at lists.denx.de
> Cc: Wood Scott-B07421; Gupta Ruchika-R66431; Bansal Aneesh-B39320
> Subject: Re: [PATCH] Add bootscript support to esbc_validate.
> 
> 
> 
> On 03/10/2015 01:38 AM, Gaurav Rana wrote:
> > 1. Default environment will be used for secure boot flow which can't
> > be edited or saved.
> > 2. Command for secure boot is predefined in the default environment
> > which will run on autoboot (and autoboot is the only option allowed
> > in case of secure boot) and it looks like this:
> >  #define CONFIG_SECBOOT \
> >  "setenv bs_hdraddr 0xe8e00000;"                 \
> >  "esbc_validate $bs_hdraddr;"                    \
> >  "source $img_addr;"                             \
> >  "esbc_halt;"
> >  #endif
> > 3. Boot Script can contain esbc_validate commands and bootm command.
> >  U-Boot source command used in default secure boot command will run
> > the bootscript.
> > 4. Command esbc_halt added to ensure either bootm executes after
> > validation of images or core should just spin.
> >
> What's the purpose of "esbc_halt"? Once it enters the spin, how to get it
> out?
The purpose of the bootscript is to validate the next-level images and then pass control to them, so the bootscript must contain a bootm command. We don't expect control to return back to U-Boot. Hence a command esbc_halt is introduced which would make the core spin and not provide a U-Boot prompt in case the bootscript doesn't pass control to the next-level image.
For a secure chain of trust, only a validated bootscript should be allowed to execute and be responsible for passing control to the next-level image.

Ruchika
> 
> York
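To make the control flow of the CONFIG_SECBOOT command concrete, here is a constructed POSIX sh model (added here; it is not U-Boot code and not part of the patch). esbc_validate, source, bootm and esbc_halt are stand-ins, with a SHA-256 file check in place of the real ESBC header verification, and the model shows that the flow ends in either bootm or a halt, never a prompt.

```shell
#!/bin/sh
# Constructed host-side model of the CONFIG_SECBOOT sequence from the thread.
# Not U-Boot code: esbc_validate, source and esbc_halt are stand-ins (a SHA-256
# check in place of the real ESBC CSF-header signature check) so that the
# control flow alone can be exercised on a workstation.

# Stand-in for esbc_validate <hdr>: the header file carries "<sha256> <image>";
# on success it sets img_addr, like the real command sets $img_addr.
esbc_validate() {
    set -- $(cat "$1")
    [ "$(sha256sum "$2" | cut -d' ' -f1)" = "$1" ] || return 1
    img_addr=$2
}

# Stand-in for bootm: once the OS starts, control never returns to the shell.
bootm() { echo "bootm $1"; exit 0; }

# Stand-in for esbc_halt: report the spin instead of looping forever.
esbc_halt() { echo halt; }

# The default secure-boot command, run in a subshell like the autoboot flow.
# Prints what the flow ends in: "bootm <image>" or "halt", never a prompt.
secboot() {
    ( esbc_validate "$1" && . "$img_addr"; esbc_halt )
}

# Writes a kernel and a bootscript with model headers into $1; $2 is the script body.
make_images() {
    printf 'kernel' > "$1/kernel.img"
    echo "$(sha256sum "$1/kernel.img" | cut -d' ' -f1) $1/kernel.img" > "$1/kernel.hdr"
    printf '%s\n' "$2" > "$1/boot.scr"
    echo "$(sha256sum "$1/boot.scr" | cut -d' ' -f1) $1/boot.scr" > "$1/boot.hdr"
}

# Three outcomes the thread discusses; each prints the end state of the flow.
case_good() {       # validated script validates the kernel and boots it
    d=$(mktemp -d); make_images "$d" "esbc_validate $d/kernel.hdr && bootm \$img_addr"
    secboot "$d/boot.hdr"; rm -rf "$d"
}
case_no_bootm() {   # script returns without booting: core spins, no prompt
    d=$(mktemp -d); make_images "$d" "esbc_validate $d/kernel.hdr"
    secboot "$d/boot.hdr"; rm -rf "$d"
}
case_tampered() {   # script edited after its header was made: validation fails
    d=$(mktemp -d); make_images "$d" "esbc_validate $d/kernel.hdr && bootm \$img_addr"
    printf 'bootm /tmp/other\n' >> "$d/boot.scr"
    secboot "$d/boot.hdr"; rm -rf "$d"
}
```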
