[U-Boot] [PATCH v2 16/18] arm: mvebu: Implement secure boot
Simon Glass
sjg at chromium.org
Thu Jan 19 14:57:46 CET 2017
On 11 January 2017 at 08:01, Mario Six <mario.six at gdsys.cc> wrote:
> The patch implements secure booting for the mvebu architecture.
>
> This includes:
> - The addition of secure headers and all needed signatures and keys in
> mkimage
> - Commands capable of writing the board's efuses to both write the
> needed cryptographic data and enable the secure booting mechanism
> - The creation of convenience text files containing the necessary
> commands to write the efuses
>
> The KAK and CSK keys are expected to reside in the files kwb_kak.key and
> kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
>
> Signed-off-by: Reinhard Pfau <reinhard.pfau at gdsys.cc>
> Signed-off-by: Mario Six <mario.six at gdsys.cc>
> ---
> Changes in v2:
>
> * Added help text for MVEBU_EFUSE
> * Removed superfluous defined(CONFIG_MVEBU_EFUSE) from
> arch/arm/mach-mvebu/Makefile
> * Rewrote disable_efuse_program to use clrbits_le32
> * Remove superfluous blank lines from arch/arm/mach-mvebu/include/mach/efuse.h
> ---
> Makefile | 3 +-
> arch/arm/mach-mvebu/Kconfig | 35 ++
> arch/arm/mach-mvebu/Makefile | 1 +
> arch/arm/mach-mvebu/efuse.c | 264 +++++++++++
> arch/arm/mach-mvebu/include/mach/cpu.h | 2 +
> arch/arm/mach-mvebu/include/mach/efuse.h | 69 +++
> doc/README.armada-secureboot | 373 ++++++++++++++++
> tools/Makefile | 6 +-
> tools/kwbimage.c | 744 ++++++++++++++++++++++++++++++-
> tools/kwbimage.h | 37 ++
> 10 files changed, 1526 insertions(+), 8 deletions(-)
> create mode 100644 arch/arm/mach-mvebu/efuse.c
> create mode 100644 arch/arm/mach-mvebu/include/mach/efuse.h
> create mode 100644 doc/README.armada-secureboot
>
Reviewed-by: Simon Glass <sjg at chromium.org>
More information about the U-Boot
mailing list