[PATCH next v6 00/12] aspeed: Support secure boot chain with FIT image verification
Chia-Wei Wang
chiawei_wang at aspeedtech.com
Fri Oct 15 04:03:25 CEST 2021
This patch series intends to provide a secure boot chain from SPL to Linux kernel
based on the hash and signature verification of FIT image paradigm.
To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT),
the drviers of two HW crypto engine HACE and ACRY are also added for AST26xx SoCs.
As HACE and ACRY can only access to DRAM space, additional configuration and
boot command are also updated according to move each FIT image before its booting.
In addition, the common code of FIT image hash algorithm lookup is also revised
to leverage the HW accelerated calculation.
v6:
- fix parameter comment for v5 update
v5:
- fix inconsistent parameter name due to parallel patch work
v4:
- add new DM_HASH based driver for Aspeed HACE
- remove SPL board init, which was originally used to probe non-DM HACE driver
- fix typo of ARCY to ACRY
- refactor defconfig based on the new Kconfig of U-Boot next branch
v3:
- add SW work around for HACE HW DMA issue by resetting HACE
- add reset control for HACE device tree node
- sync all of the HACE error message to use debug()
v2:
- update commit authors
Chia-Wei Wang (9):
image: fit: Fix parameter name for hash algorithm
aspeed: ast2600: Enlarge SRAM size
clk: ast2600: Add RSACLK control for ACRY
crypto: aspeed: Add AST2600 ACRY support
ARM: dts: ast2600: Add ACRY to device tree
ast2600: spl: Locate load buffer in DRAM space
configs: ast2600-evb: Enable SPL FIT support
configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
configs: ast2600: Boot kernel FIT in DRAM
Joel Stanley (2):
clk: ast2600: Add YCLK control for HACE
ARM: dts: ast2600: Add HACE to device tree
Johnny Huang (1):
crypto: aspeed: Add AST2600 HACE support
arch/arm/dts/ast2600-evb.dts | 10 +
arch/arm/dts/ast2600.dtsi | 17 +
arch/arm/include/asm/arch-aspeed/platform.h | 2 +-
.../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +-
arch/arm/mach-aspeed/ast2600/spl.c | 9 +-
common/image-fit.c | 4 +-
configs/evb-ast2600_defconfig | 22 +-
drivers/clk/aspeed/clk_ast2600.c | 38 ++
drivers/crypto/Kconfig | 2 +
drivers/crypto/Makefile | 1 +
drivers/crypto/aspeed/Kconfig | 20 +
drivers/crypto/aspeed/Makefile | 2 +
drivers/crypto/aspeed/aspeed_acry.c | 182 +++++++++
drivers/crypto/aspeed/aspeed_hace.c | 381 ++++++++++++++++++
drivers/crypto/hash/Kconfig | 8 +
include/configs/aspeed-common.h | 9 -
include/configs/evb_ast2500.h | 9 +
include/configs/evb_ast2600.h | 16 +
lib/rsa/Kconfig | 10 +-
19 files changed, 721 insertions(+), 27 deletions(-)
create mode 100644 drivers/crypto/aspeed/Kconfig
create mode 100644 drivers/crypto/aspeed/Makefile
create mode 100644 drivers/crypto/aspeed/aspeed_acry.c
create mode 100644 drivers/crypto/aspeed/aspeed_hace.c
--
2.17.1
More information about the U-Boot
mailing list