[U-Boot] [PATCH v3 0/6] Introduce secure boot for Bay Trail
Anatolij Gustschin
agust at denx.de
Fri Nov 17 01:06:29 UTC 2017
This patch series makes the hardware mechanisms for verified boot on
Bay Trail based platforms usable in/for U-Boot. The series brings in
binman extension which allows to easily create and assemble a Secure
Boot Manifest in the U-Boot ROM image. The manifest gets utilized by
the Trusted Execution Engine on the SoC.
Anatolij Gustschin (2):
binman: add optional support for U-Boot image signing
binman: add ROM image signing for Bay Trail SoC
Markus Valentin (4):
x86: baytrail: Add fsp-header verification for secure boot FSP
x86: baytrail: secureboot: Add functions for verification of U-Boot
x86: congatec: add secureboot enabled defconfig for
conga-qeval20-qa3-e3845
doc: x86: Add section about secure boot on Bay Trail
arch/x86/Kconfig | 3 +-
arch/x86/cpu/baytrail/Kconfig | 10 +
arch/x86/cpu/baytrail/Makefile | 1 +
arch/x86/cpu/baytrail/secure_boot.c | 117 ++++++++
arch/x86/dts/u-boot.dtsi | 7 +
.../include/asm/arch-baytrail/fsp/fsp_configs.h | 24 ++
arch/x86/include/asm/fsp/fsp_support.h | 2 +
arch/x86/lib/fsp/fsp_support.c | 42 +++
...0-qa3-e3845-internal-uart-secure-boot_defconfig | 60 ++++
doc/README.x86 | 49 ++++
tools/binman/binman.py | 3 +
tools/binman/cmdline.py | 2 +
tools/binman/control.py | 1 +
tools/binman/image.py | 23 ++
tools/binman/signing/baytrail.py | 313 +++++++++++++++++++++
tools/binman/signing/signer.py | 24 ++
16 files changed, 680 insertions(+), 1 deletion(-)
create mode 100644 arch/x86/cpu/baytrail/secure_boot.c
create mode 100644 configs/conga-qeval20-qa3-e3845-internal-uart-secure-boot_defconfig
create mode 100644 tools/binman/signing/baytrail.py
create mode 100644 tools/binman/signing/signer.py
--
2.11.0
More information about the U-Boot
mailing list