[U-Boot] [PATCH 00/13] Cleanups to allow secure boot on AM33xx devices
Lokesh Vutla
lokeshvutla at ti.com
Fri Aug 19 08:10:32 CEST 2016
On Thursday 18 August 2016 09:11 PM, Andrew F. Davis wrote:
> Hello all,
>
> I've recently been tasked with enabling authenticated boot for AM33xx based
> devices. This work is similar to what has already been done for the AM43xx
> and AM57xx SoCs and leverages much of the infrastructure from them.
>
> The big difference here is the size of SRAM available on AM33xx being much
> less than on the other SoCs, when performing a secure boot this limits
> the maximum size of the SPL to just ~41k, the SPL currently generated for
> AM33xx SoCs is ~70k. To trim down the SPL we move various options from
> the config headers to the Kconfig system so we can selectively disable
> them in HS specific defconfigs.
>
> To do this we start in patch 1 and 2 by creating Kconfig options for
> specifying what for what media the SPL should be able to load U-Boot
> from and for what media the SPL should itself be loaded from, respectively.
> We do this as the secure signature contains the name of the SPL boot
> media, and to reduce size. Also this works to reduce confusion
> in build types vs load types, we fix such an issue in patch 8.
>
> In patch 3 and 4 we use the newly added _SUPPORT Kconfigs on a couple
> boards.
>
> The rest are hopefully explained well enough in the commit message.
Have you tried doing build tests using buildman?. It is throwing lot of
errors.
Thanks and regards,
Lokesh
>
> Thanks,
> Andrew
>
> Andrew F. Davis (13):
> spl: Kconfig: Add SPL_<media>_SUPPORT as Kconfig option
> spl: Kconfig: Add SPL_<media>_BOOT as Kconfig option
> spl: Kconfig: Add CONFIG_SPL_TEXT_BASE as Kconfig option
> config: am335x_evm: Move CONFIG_SPL_YMODEM_SUPPORT to Kconfig
> config: am43xx_evm: Move CONFIG_SPL_YMODEM_SUPPORT to Kconfig
> Kconfig: Separate AM33XX SOC config from target board config
> am33xx: config.mk: Add support for additional secure boot image types
> am33xx: config.mk: Fix option used to enable SPI SPL image type
> doc: Update info on using AM33xx secure devices from TI
> ti: omap-common: Allow AM33xx devices to be built securely
> omap: Use SD_BOOT in place of EMMC_BOOT
> config: Remove usage of CONFIG_STORAGE_EMMC
> board: am33xx-hs: spl: Allow post-processing of FIT image on AM33xx
>
> Kconfig | 8 ++++
> arch/arm/Kconfig | 20 ++++----
> arch/arm/cpu/armv7/am33xx/Kconfig | 18 ++++++++
> arch/arm/cpu/armv7/am33xx/config.mk | 29 ++++++++++--
> arch/arm/cpu/armv7/omap-common/Kconfig | 2 +-
> board/ti/am335x/board.c | 8 ++++
> board/ti/am335x/mux.c | 4 +-
> common/Kconfig | 76 +++++++++++++++++++++++++++++++
> common/spl/Kconfig | 54 ++++++++++++++++++++++
> configs/am335x_boneblack_defconfig | 4 +-
> configs/am335x_boneblack_vboot_defconfig | 5 +-
> configs/am335x_evm_defconfig | 3 ++
> configs/am335x_evm_nor_defconfig | 2 +
> configs/am335x_evm_norboot_defconfig | 1 +
> configs/am335x_evm_spiboot_defconfig | 2 +
> configs/am335x_evm_usbspl_defconfig | 1 +
> configs/am335x_sl50_defconfig | 2 +-
> configs/am43xx_evm_defconfig | 1 +
> configs/am43xx_evm_ethboot_defconfig | 1 +
> configs/am43xx_evm_qspiboot_defconfig | 1 +
> configs/am43xx_evm_usbhost_boot_defconfig | 1 +
> configs/am43xx_hs_evm_defconfig | 1 +
> configs/brppt1_mmc_defconfig | 3 +-
> configs/brppt1_spi_defconfig | 3 +-
> doc/README.ti-secure | 32 +++++++++++++
> include/configs/am335x_evm.h | 6 +--
> include/configs/am335x_shc.h | 2 -
> include/configs/am335x_sl50.h | 4 +-
> include/configs/am43xx_evm.h | 1 -
> include/configs/bav335x.h | 4 +-
> include/configs/brppt1.h | 6 +--
> include/configs/ti_am335x_common.h | 4 ++
> 32 files changed, 272 insertions(+), 37 deletions(-)
> create mode 100644 common/spl/Kconfig
>
More information about the U-Boot
mailing list