[U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E)
Lokesh Vutla
lokeshvutla at ti.com
Sat Sep 3 18:56:39 CEST 2016
On Friday 02 September 2016 10:18 PM, Srinivas, Madan wrote:
> On 9/2/2016 12:25 AM, Lokesh Vutla wrote:
>>
>>
>> On Thursday 01 September 2016 10:34 AM, Madan Srinivas wrote:
>>> This series adds support for secure keystone family of devices, more
>>> specifically for K2E (Edison).This work is similar to what has already
>>> been done for the AM43xx and AM57xx SoCs and leverages much of the
>>> infrastructure from them.
>>>
>>> The big difference here is the ROM on keystone2 devices does not provide
>>> any APIs for image authentication. Rather, the image authentication and
>>> decryption routines and other security functions are provided by
>>> software and can run on the ARM in Trustzone as well as on secure DSPs.
>>>
>>> A component known as the boot monitor acts as they gateway to this
>>> secure
>>> processing, and abstracts out the details from the public world. Unlike
>>> OMAP class devices, where u-boot calls ROM APIs, u-boot calls into
>>> the boot-
>>> monitor on keystone devices.
>>>
>>> Other than this difference, most of the secure framework for AMxx and
>>> DRAxx devices have been re-used.
>>>
>>> Couple of other points to note :-
>>>
>>> -Support for SPL on secure keystone devices is still TBD,
>>> so boot from SPI flash, which needs SPL, is not supported currently
>>> on K2 devices.
>>>
>>> -A single image will work across all other boot media for secure K2
>>> devices.
>>
>> Overall looks good to me. What happened to the early abort seen on H2 HS
>> devices. How are you handling it?
>>
>> Thanks and regards,
>> Lokesh
>>
> The early abort is being handled in the boot monitor code. When the
> abort handler is implemented in u-boot, we can remove it from the boot
> monitor.
What is the expectation when you meant abort handler in u-boot? Do you
want to clear the abort or something else?
Thanks and regards,
Lokesh
>
> Regards,
> Madan
>>>
>>> Changes in v2:
>>> - Corrects typo in commit message for PATCH 1/7 in this series
>>> - The following changes are made to mon.c based on review comments
>>> Adds NULL pointer check before calling authentication interface
>>> Removes an unnecessary printf
>>> Updates size of signed FIT blob after post processing removes header
>>> - Adds a new name for the signed output image in config_secure.mk
>>> to keep it in line with the image name used by non-secure keystone
>>> devices.
>>> - Changes the target for secure keystone devices in config.mk
>>> to u-boot_HS_MLO to keep it in line with the MLO target that
>>> is built for non-secure keystone devices.
>>> - Updates k2e_hs_evm_defconfig to reduce the delta seen if one
>>> regenerates it using savedefconfig or similar tools.
>>>
>>> Madan Srinivas (4):
>>> include: image.h: Fixes build warning with
>>> CONFIG_FIT_IMAGE_POST_PROCESS
>>> arm: omap-common: adds secure image name common to OMAP and keystone
>>> arm: mach-keystone: config.mk: Adds support for secure images on K2
>>> doc: Updates info on using keystone secure devices from TI
>>>
>>> Vitaly Andrianov (3):
>>> arm: mach-keystone: Implements FIT post-processing call for keystone
>>> SoCs
>>> arm: omap-common: Enable support for K2 HS devices in u-boot
>>> configs: Adds a defconfig for K2E High Security EVM
>>>
>>> arch/arm/cpu/armv7/omap-common/Kconfig | 2 +-
>>> arch/arm/cpu/armv7/omap-common/config_secure.mk | 6 +++
>>> arch/arm/mach-keystone/config.mk | 6 +++
>>> arch/arm/mach-keystone/mon.c | 55
>>> +++++++++++++++++++++++++
>>> configs/k2e_hs_evm_defconfig | 43
>>> +++++++++++++++++++
>>> doc/README.ti-secure | 20 +++++++++
>>> include/image.h | 3 +-
>>> 7 files changed, 133 insertions(+), 2 deletions(-)
>>> create mode 100644 configs/k2e_hs_evm_defconfig
>>>
>
More information about the U-Boot
mailing list