[v1 0/5] Add Vendor Authorized Boot (VAB) support

Siew Chin Lim elly.siew.chin.lim at intel.com
Tue Nov 10 08:05:00 CET 2020


This patchset adds Vendor Authorized Boot (VAB) support for
Intel Agilex and Diamond Mesa SoC devices.

Vendor Authorized Boot is a security feature for authenticating
images such as U-Boot, ARM Trusted Firmware, the Linux kernel,
the device tree blob, etc. loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.


This patchset depends on:
--------
Enable ARM Trusted Firmware for U-Boot
https://patchwork.ozlabs.org/project/uboot/cover/20201015122955.10259-1-elly.siew.chin.lim@intel.com/

Add Intel Diamond Mesa SoC support
https://patchwork.ozlabs.org/project/uboot/cover/20201110064439.9683-1-elly.siew.chin.lim@intel.com/


Siew Chin Lim (5):
  arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
  arm: socfpga: cmd: Support 'vab' command
  arm: socfpga: dts: soc64: Update filename in binman node of FIT image
    with VAB support
  configs: socfpga: soc64: Remove 'run linux_qspi_enable' from
    bootcommand
  configs: socfpga: Add defconfig for Agilex and Diamond Mesa with VAB
    support

 arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi         |  22 +++
 arch/arm/mach-socfpga/Kconfig                      |  15 ++
 arch/arm/mach-socfpga/Makefile                     |   4 +
 arch/arm/mach-socfpga/include/mach/mailbox_s10.h   |   1 +
 arch/arm/mach-socfpga/include/mach/secure_vab.h    |  63 +++++++
 arch/arm/mach-socfpga/secure_vab.c                 | 188 +++++++++++++++++++++
 arch/arm/mach-socfpga/vab.c                        |  37 ++++
 common/Kconfig.boot                                |   2 +-
 ..._atf_defconfig => socfpga_agilex_vab_defconfig} |   3 +-
 ...a_dm_atf_defconfig => socfpga_dm_vab_defconfig} |   3 +-
 include/configs/socfpga_soc64_common.h             |   3 +-
 11 files changed, 336 insertions(+), 5 deletions(-)
 create mode 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h
 create mode 100644 arch/arm/mach-socfpga/secure_vab.c
 create mode 100644 arch/arm/mach-socfpga/vab.c
 copy configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig} (96%)
 copy configs/{socfpga_dm_atf_defconfig => socfpga_dm_vab_defconfig} (96%)

-- 
2.13.0
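
The SHA384 pre-check described in the cover letter, as a host-side Python sketch. This is an added example, not code from the patch series. The image layout used here (payload, then a certificate holding a magic value, the SHA-384 digest and an opaque signature block, then a 4-byte length trailer), the `MAGIC` value and the function names are assumptions made for illustration and are not Intel's VAB certificate format; signature authentication by the SDM is out of scope.

```python
import hashlib
import hmac
import struct

# Hypothetical layout for this sketch (NOT the real VAB certificate format):
#   payload || cert || u32 little-endian length of cert
#   cert = MAGIC (4 bytes) || SHA-384 of payload (48 bytes) || signature block
MAGIC = b"VABX"                             # constructed value
DIGEST_LEN = hashlib.sha384().digest_size   # 48 bytes


def build_image(payload, sig_block=b"\x00" * 96):
    """Build a constructed test image in the hypothetical layout."""
    cert = MAGIC + hashlib.sha384(payload).digest() + sig_block
    return payload + cert + struct.pack("<I", len(cert))


def precheck(image):
    """Split image into (payload, cert) and verify the SHA-384 binding.

    Raises ValueError on malformed or mismatching input, so the caller never
    forwards a certificate that does not describe the payload it loaded.
    """
    if len(image) < 4:
        raise ValueError("image too short for length trailer")
    (cert_len,) = struct.unpack("<I", image[-4:])
    # The length comes from the image itself: bound it before using it
    # as an offset, otherwise a crafted trailer selects arbitrary bytes.
    if cert_len < len(MAGIC) + DIGEST_LEN or cert_len > len(image) - 4:
        raise ValueError("certificate length out of range")
    cert_start = len(image) - 4 - cert_len
    payload, cert = image[:cert_start], image[cert_start:-4]
    if cert[:len(MAGIC)] != MAGIC:
        raise ValueError("certificate magic not found")
    expected = cert[len(MAGIC):len(MAGIC) + DIGEST_LEN]
    actual = hashlib.sha384(payload).digest()
    if not hmac.compare_digest(actual, expected):
        raise ValueError("SHA-384 mismatch between payload and certificate")
    return payload, cert
```

The digest comparison only binds the payload to the certificate; whether the certificate itself is trusted is decided by the signature check that the cover letter assigns to the SDM.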
