[PATCH 00/14] aspeed: Support secure boot chain with FIT image verification

Chia-Wei Wang chiawei_wang at aspeedtech.com
Tue Jul 13 11:00:02 CEST 2021 

This patch series intends to provide a secure boot chain from SPL to Linux kernel
based on the hash and signature verification of FIT image paradigm.

To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT),
the drviers of two HW crypto engine HACE and ARCY are also added for AST26xx SoCs.

As HACE and ARCY can only access to DRAM space, additional configuration and
boot command are also updated according to move each FIT image before its booting.

In addition, the common code of FIT image hash algorithm lookup is also revised
to leverage the HW accelerated calculation.

Chia-Wei Wang (14):
  aspeed: ast2600: Enlarge SRAM size
  clk: ast2600: Add YCLK control for HACE
  crypto: aspeed: Add AST2600 HACE support
  ast2600: spl: Add HACE probing
  ARM: dts: ast2600: Add HACE to device tree
  common: fit: Use hash.c to call CRC/SHA function
  clk: ast2600: Add RSACLK control for ARCY
  crypto: aspeed: Add AST2600 ARCY support
  ast2600: spl: Add ARCY probing
  ARM: dts: ast2600: Add ARCY to device tree
  ast2600: spl: Locate load buffer in DRAM space
  configs: ast2600-evb: Enable SPL FIT support
  configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
  configs: ast2600: Boot kernel FIT in DRAM

 arch/arm/dts/ast2600-evb.dts                  |  10 +
 arch/arm/dts/ast2600.dtsi                     |  17 ++
 arch/arm/include/asm/arch-aspeed/platform.h   |   2 +-
 .../arm/include/asm/arch-aspeed/scu_ast2600.h |   6 +-
 arch/arm/mach-aspeed/ast2600/spl.c            |  29 +-
 common/image-fit.c                            |  35 +--
 configs/evb-ast2600_defconfig                 |  26 +-
 drivers/clk/aspeed/clk_ast2600.c              |  35 +++
 drivers/crypto/Kconfig                        |   2 +
 drivers/crypto/Makefile                       |   1 +
 drivers/crypto/aspeed/Kconfig                 |  22 ++
 drivers/crypto/aspeed/Makefile                |   2 +
 drivers/crypto/aspeed/aspeed_arcy.c           | 182 +++++++++++
 drivers/crypto/aspeed/aspeed_hace.c           | 288 ++++++++++++++++++
 include/configs/aspeed-common.h               |   9 -
 include/configs/evb_ast2500.h                 |   6 +
 include/configs/evb_ast2600.h                 |  13 +
 lib/rsa/Kconfig                               |  10 +-
 18 files changed, 645 insertions(+), 50 deletions(-)
 create mode 100644 drivers/crypto/aspeed/Kconfig
 create mode 100644 drivers/crypto/aspeed/Makefile
 create mode 100644 drivers/crypto/aspeed/aspeed_arcy.c
 create mode 100644 drivers/crypto/aspeed/aspeed_hace.c

-- 
2.17.1

More information about the U-Boot mailing list