[v5 0/7] Add Vendor Authorized Boot (VAB) support
Siew Chin Lim
elly.siew.chin.lim at intel.com
Mon Mar 1 13:04:09 CET 2021
This is the 5th version of patchset to add Vendor Authorized Boot (VAB)
support for Intel Agilex SoC device.
Vendor Authorized Boot is a security feature for authenticating
the images such as U-Boot, ARM trusted Firmware, Linux kernel,
device tree blob and etc loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.
Patch status:
Have changes: Patch 2
Other patches unchanged.
Detail changelog can find in commit message.
v4->v5:
--------
Patch 2:
- in arch/arm/mach-socfpga/board.c
- Move #if IS_ENABLED(CONFIG_SOCFPGA_SECURE_VAB_AUTH) inside board_fit_image_post_process function.
- Move #if IS_ENABLED(CONFIG_SPL_BUILD) outside board_prep_linux function.
History:
--------
[v1]: https://patchwork.ozlabs.org/project/uboot/cover/20201110070505.26935-1-elly.siew.chin.lim@intel.com/
[v2]: https://patchwork.ozlabs.org/project/uboot/cover/20210107100337.45293-1-elly.siew.chin.lim@intel.com/
[v3]: https://patchwork.ozlabs.org/project/uboot/cover/20210205105212.16510-1-elly.siew.chin.lim@intel.com/
[v4]: https://patchwork.ozlabs.org/project/uboot/cover/20210226165733.7591-1-elly.siew.chin.lim@intel.com/
Dalon Westergreen (1):
Makefile: socfpga: Add target to generate hex output for combined spl
and dtb
Siew Chin Lim (6):
arm: socfpga: Move Stratix10 and Agilex to use TARGET_SOCFPGA_SOC64
arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
arm: socfpga: cmd: Support 'vab' command
arm: socfpga: dts: soc64: Update filename in binman node of FIT image
with VAB support
configs: socfpga: soc64: Move CONFIG_BOOTCOMMAND to defconfig
configs: socfpga: Add defconfig for Agilex with VAB support
Makefile | 11 +-
arch/arm/Kconfig | 6 +-
arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22 +++
arch/arm/mach-socfpga/Kconfig | 20 +++
arch/arm/mach-socfpga/Makefile | 3 +
arch/arm/mach-socfpga/board.c | 45 ++++-
arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 +
arch/arm/mach-socfpga/include/mach/reset_manager.h | 3 +-
arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 +++++++
.../arm/mach-socfpga/include/mach/system_manager.h | 3 +-
arch/arm/mach-socfpga/secure_vab.c | 186 +++++++++++++++++++++
arch/arm/mach-socfpga/vab.c | 34 ++++
common/Kconfig.boot | 2 +-
configs/socfpga_agilex_atf_defconfig | 2 +
configs/socfpga_agilex_defconfig | 2 +
..._atf_defconfig => socfpga_agilex_vab_defconfig} | 4 +
configs/socfpga_stratix10_atf_defconfig | 2 +
configs/socfpga_stratix10_defconfig | 2 +
drivers/ddr/altera/Kconfig | 6 +-
drivers/fpga/Kconfig | 2 +-
drivers/sysreset/Kconfig | 2 +-
include/configs/socfpga_soc64_common.h | 10 +-
scripts/Makefile.spl | 7 +
23 files changed, 408 insertions(+), 30 deletions(-)
create mode 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h
create mode 100644 arch/arm/mach-socfpga/secure_vab.c
create mode 100644 arch/arm/mach-socfpga/vab.c
copy configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig} (91%)
--
2.13.0
More information about the U-Boot
mailing list