[U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs
Tom Rini
trini at konsulko.com
Tue Sep 6 15:34:49 CEST 2016
On Thu, Sep 01, 2016 at 01:04:37AM -0400, Madan Srinivas wrote:
> From: Vitaly Andrianov <vitalya at ti.com>
>
> This commit implements the board_fit_image_post_process() function for
> the keystone architecture. Unlike OMAP class devices, security
> functions in keystone are not handled in the ROM.
> The interface to the secure functions is TI proprietary and depending
> on the keystone platform, the security functions like encryption,
> decryption and authentication might even be offloaded to other secure
> processing elements in the SoC.
> The boot monitor acts as the gateway to these secure functions and the
> boot monitor for secure devices is available as part of the SECDEV
> package for KS2. For more details refer doc/README.ti-secure
>
> Signed-off-by: Vitaly Andrianov <vitalya at ti.com>
> Signed-off-by: Madan Srinivas <madans at ti.com>
>
> Cc: Lokesh Vutla <lokeshvutla at ti.com>
> Cc: Dan Murphy <dmurphy at ti.com>
First, what is done to ensure that the magic blob we're offloading to
isn't malicious? Second, this appears to be missing cache flushes
that're done in arch/arm/cpu/armv7/omap-common/sec-common.c and, well,
why can't we re-use the existing code? Given how rarely IP blocks are
written from scratch rather than being an evolution of a previous block
I can't imagine that we can't make the code there be re-used nor that we
don't need / couldn't use the flushing and alignment checks nor status
messages. Thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160906/51e8e8f6/attachment.sig>
More information about the U-Boot
mailing list