[v4 0/7] Add Vendor Authorized Boot (VAB) support

Lim, Elly Siew Chin elly.siew.chin.lim at intel.com
Fri Feb 26 18:03:17 CET 2021 

Hi All,

Please ignore this series, I accidentally create this series based on older master branch which causes patch [v4 2/7] conflict with latest master branch due to new commit about asm/global_data.h. I have rebased to latest master branch and resend the VAB series with prefix " [RESEND,v4,1/7] ...".

Thanks,
Siew Chin

> -----Original Message-----
> From: Lim, Elly Siew Chin <elly.siew.chin.lim at intel.com>
> Sent: Saturday, February 27, 2021 12:11 AM
> To: u-boot at lists.denx.de
> Cc: Marek Vasut <marex at denx.de>; Tan, Ley Foon
> <ley.foon.tan at intel.com>; See, Chin Liang <chin.liang.see at intel.com>;
> Simon Goldschmidt <simon.k.r.goldschmidt at gmail.com>; Chee, Tien Fong
> <tien.fong.chee at intel.com>; Westergreen, Dalon
> <dalon.westergreen at intel.com>; Simon Glass <sjg at chromium.org>; Gan,
> Yau Wai <yau.wai.gan at intel.com>; Lim, Elly Siew Chin
> <elly.siew.chin.lim at intel.com>
> Subject: [v4 0/7] Add Vendor Authorized Boot (VAB) support
> 
> This is the 4th version of patchset to add Vendor Authorized Boot (VAB)
> support for Intel Agilex SoC device.
> 
> Vendor Authorized Boot is a security feature for authenticating the images
> such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and
> etc loaded from FIT. After those images are loaded from FIT, the VAB
> certificate and signature block appended at the end of each image are sent
> to Secure Device Manager (SDM) for authentication. U-Boot will validate the
> SHA384 of the image against the SHA384 hash stored in the VAB certificate
> before sending the image to SDM for authentication.
> 
> Patch status:
> Have changes: Patch 2, 7
> Other patches unchanged.
> 
> Detail changelog can find in commit message.
> 
> v3->v4:
> --------
> Patch 2:
> - Move function 'board_fit_image_post_process' and 'board_prep_linux'
> from
>   secure_vab.c to board.c
> 
> Patch 7:
> - Replace CONFIG_TARGET_SOCFPGA_STRATIX10/AGILEX with
> CONFIG_TARGET_SOCFPGA_SOC64.
> - Add this patch into 'VAB' series because it is depending on
>   CONFIG_TARGET_SOCFPGA_SOC64 patch.
> 
> History:
> --------
> [v1]:
> https://patchwork.ozlabs.org/project/uboot/cover/20201110070505.26935-
> 1-elly.siew.chin.lim at intel.com/
> [v2]:
> https://patchwork.ozlabs.org/project/uboot/cover/20210107100337.45293-
> 1-elly.siew.chin.lim at intel.com/
> [v3]:
> https://patchwork.ozlabs.org/project/uboot/cover/20210205105212.16510-
> 1-elly.siew.chin.lim at intel.com/
> 
> 
> Dalon Westergreen (1):
>   Makefile: socfpga: Add target to generate hex output for combined spl
>     and dtb
> 
> Siew Chin Lim (6):
>   arm: socfpga: Move Stratix10 and Agilex to use TARGET_SOCFPGA_SOC64
>   arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
>   arm: socfpga: cmd: Support 'vab' command
>   arm: socfpga: dts: soc64: Update filename in binman node of FIT image
>     with VAB support
>   configs: socfpga: soc64: Move CONFIG_BOOTCOMMAND to defconfig
>   configs: socfpga: Add defconfig for Agilex with VAB support
> 
>  Makefile                                           |  11 +-
>  arch/arm/Kconfig                                   |   6 +-
>  arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi         |  22 +++
>  arch/arm/mach-socfpga/Kconfig                      |  20 +++
>  arch/arm/mach-socfpga/Makefile                     |   3 +
>  arch/arm/mach-socfpga/board.c                      |  43 ++++-
>  arch/arm/mach-socfpga/include/mach/mailbox_s10.h   |   1 +
>  arch/arm/mach-socfpga/include/mach/reset_manager.h |   3 +-
>  arch/arm/mach-socfpga/include/mach/secure_vab.h    |  63 +++++++
>  .../arm/mach-socfpga/include/mach/system_manager.h |   3 +-
>  arch/arm/mach-socfpga/secure_vab.c                 | 186
> +++++++++++++++++++++
>  arch/arm/mach-socfpga/vab.c                        |  34 ++++
>  common/Kconfig.boot                                |   2 +-
>  configs/socfpga_agilex_atf_defconfig               |   2 +
>  configs/socfpga_agilex_defconfig                   |   2 +
>  ..._atf_defconfig => socfpga_agilex_vab_defconfig} |   4 +
>  configs/socfpga_stratix10_atf_defconfig            |   2 +
>  configs/socfpga_stratix10_defconfig                |   2 +
>  drivers/ddr/altera/Kconfig                         |   6 +-
>  drivers/fpga/Kconfig                               |   2 +-
>  drivers/sysreset/Kconfig                           |   2 +-
>  include/configs/socfpga_soc64_common.h             |  10 +-
>  scripts/Makefile.spl                               |   7 +
>  23 files changed, 406 insertions(+), 30 deletions(-)  create mode 100644
> arch/arm/mach-socfpga/include/mach/secure_vab.h
>  create mode 100644 arch/arm/mach-socfpga/secure_vab.c
>  create mode 100644 arch/arm/mach-socfpga/vab.c  copy
> configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig}
> (91%)
> 
> --
> 2.13.0

More information about the U-Boot mailing list