[U-Boot] [PATCH v3 0/9] Secure Boot by Authenticating/Decrypting SPL FIT blobs

Andreas Dannenberg dannenberg at ti.com
Wed Jul 20 20:19:22 CEST 2016


On Mon, Jun 27, 2016 at 09:19:15AM -0500, Andreas Dannenberg wrote:
> This is an updated version of a patch series that introduces a generic way
> to optionally post-process blobs as they get extracted by the SPL from the
> u-boot.img FIT image, and uses this scheme to perform some authentication/
> decryption related processing on TI's high-secure (HS) SoC variants. For
> additional background please see here [1].

I just wanted to point out that this now-accepted patch series in by
itself is not a 100% complete solution to address all needs of secure
boot. Specifically, the extensions made rely on loading U-Boot as a FIT
image (CONFIG_SPL_LOAD_FIT) but do not prevent the loading of a legacy
non-FIT U-Boot image. This is something that will need to get addressed
in a follow-on patch.

Regards,
Andreas

> [1] http://lists.denx.de/pipermail/u-boot/2016-June/258716.html


More information about the U-Boot mailing list