[U-Boot] [PATCH v2 16/18] arm: mvebu: Implement secure boot

Stefan Roese sr at denx.de
Wed Jan 18 17:58:48 CET 2017


On 11.01.2017 16:01, Mario Six wrote:
> The patch implements secure booting for the mvebu architecture.
>
> This includes:
> - The addition of secure headers and all needed signatures and keys in
>   mkimage
> - Commands capable of writing the board's efuses to both write the
>   needed cryptographic data and enable the secure booting mechanism
> - The creation of convenience text files containing the necessary
>   commands to write the efuses
>
> The KAK and CSK keys are expected to reside in the files kwb_kak.key and
> kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
>
> Signed-off-by: Reinhard Pfau <reinhard.pfau at gdsys.cc>
> Signed-off-by: Mario Six <mario.six at gdsys.cc>
> ---
> Changes in v2:
>
> * Added help text for MVEBU_EFUSE
> * Removed superfluous defined(CONFIG_MVEBU_EFUSE) from
>   arch/arm/mach-mvebu/Makefile
> * Rewrote disable_efuse_program to use clrbits_le32
> * Remove superfluous blank lines from arch/arm/mach-mvebu/include/mach/efuse.h

Thanks Mario for the nice and extensive documentation that you have
added in this patch version. Really appreciated. I only skimmed
though the patch and will re-test building for some other AXP / A38x
board once I apply this patch series for upstreaming - perhaps
next week. For now:

Reviewed-by: Stefan Roese <sr at denx.de>

Thanks,
Stefan


More information about the U-Boot mailing list