[U-Boot] [PATCH v2 16/18] arm: mvebu: Implement secure boot
Stefan Roese
sr at denx.de
Wed Jan 18 17:58:48 CET 2017
On 11.01.2017 16:01, Mario Six wrote:
> The patch implements secure booting for the mvebu architecture.
>
> This includes:
> - The addition of secure headers and all needed signatures and keys in
> mkimage
> - Commands capable of writing the board's efuses to both write the
> needed cryptographic data and enable the secure booting mechanism
> - The creation of convenience text files containing the necessary
> commands to write the efuses
>
> The KAK and CSK keys are expected to reside in the files kwb_kak.key and
> kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
>
> Signed-off-by: Reinhard Pfau <reinhard.pfau at gdsys.cc>
> Signed-off-by: Mario Six <mario.six at gdsys.cc>
> ---
> Changes in v2:
>
> * Added help text for MVEBU_EFUSE
> * Removed superfluous defined(CONFIG_MVEBU_EFUSE) from
> arch/arm/mach-mvebu/Makefile
> * Rewrote disable_efuse_program to use clrbits_le32
> * Remove superfluous blank lines from arch/arm/mach-mvebu/include/mach/efuse.h
Thanks Mario for the nice and extensive documentation that you have
added in this patch version. Really appreciated. I only skimmed
though the patch and will re-test building for some other AXP / A38x
board once I apply this patch series for upstreaming - perhaps
next week. For now:
Reviewed-by: Stefan Roese <sr at denx.de>
Thanks,
Stefan
More information about the U-Boot
mailing list