[PATCH next v7 00/12] aspeed: Support secure boot chain with FIT image verification
ChiaWei Wang
chiawei_wang at aspeedtech.com
Mon Oct 25 04:43:26 CEST 2021
Thank you all for the review comments and tags.
I will prepare the v8 patch with tag included and comments addressed.
In addition, as DM_HASH has been merged into the master branch.
The v8 patch will be rebased on the master branch.
Thanks,
Chiawei
> From: U-Boot <u-boot-bounces at lists.denx.de> On Behalf Of Chia-Wei Wang
> Sent: Wednesday, October 20, 2021 10:49 AM
>
> This patch series intends to provide a secure boot chain from SPL to Linux
> kernel based on the hash and signature verification of FIT image paradigm.
>
> To improve the performance and save code size (SPL is limited to 64KB due to
> HW-RoT), the drviers of two HW crypto engine HACE and ACRY are also added
> for AST26xx SoCs.
>
> As HACE and ACRY can only access to DRAM space, additional configuration
> and boot command are also updated according to move each FIT image before
> its booting.
>
> In addition, the common code of FIT image hash algorithm lookup is also
> revised to leverage the HW accelerated calculation.
>
> v7:
> - fix missing interrupt status clear for ACRY RSA operation
>
> v6:
> - fix parameter comment for v5 update
>
> v5:
> - fix inconsistent parameter name due to parallel patch work
>
> v4:
> - add new DM_HASH based driver for Aspeed HACE
> - remove SPL board init, which was originally used to probe non-DM HACE
> driver
> - fix typo of ARCY to ACRY
> - refactor defconfig based on the new Kconfig of U-Boot next branch
>
> v3:
> - add SW work around for HACE HW DMA issue by resetting HACE
> - add reset control for HACE device tree node
> - sync all of the HACE error message to use debug()
>
> v2:
> - update commit authors
>
> Chia-Wei Wang (9):
> image: fit: Fix parameter name for hash algorithm
> aspeed: ast2600: Enlarge SRAM size
> clk: ast2600: Add RSACLK control for ACRY
> crypto: aspeed: Add AST2600 ACRY support
> ARM: dts: ast2600: Add ACRY to device tree
> ast2600: spl: Locate load buffer in DRAM space
> configs: ast2600-evb: Enable SPL FIT support
> configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
> configs: ast2600: Boot kernel FIT in DRAM
>
> Joel Stanley (2):
> clk: ast2600: Add YCLK control for HACE
> ARM: dts: ast2600: Add HACE to device tree
>
> Johnny Huang (1):
> crypto: aspeed: Add AST2600 HACE support
>
> arch/arm/dts/ast2600-evb.dts | 10 +
> arch/arm/dts/ast2600.dtsi | 17 +
> arch/arm/include/asm/arch-aspeed/platform.h | 2 +-
> .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +-
> arch/arm/mach-aspeed/ast2600/spl.c | 9 +-
> common/image-fit.c | 4 +-
> configs/evb-ast2600_defconfig | 22 +-
> drivers/clk/aspeed/clk_ast2600.c | 38 ++
> drivers/crypto/Kconfig | 2 +
> drivers/crypto/Makefile | 1 +
> drivers/crypto/aspeed/Kconfig | 20 +
> drivers/crypto/aspeed/Makefile | 2 +
> drivers/crypto/aspeed/aspeed_acry.c | 190 +++++++++
> drivers/crypto/aspeed/aspeed_hace.c | 381
> ++++++++++++++++++
> drivers/crypto/hash/Kconfig | 8 +
> include/configs/aspeed-common.h | 9 -
> include/configs/evb_ast2500.h | 9 +
> include/configs/evb_ast2600.h | 16 +
> lib/rsa/Kconfig | 10 +-
> 19 files changed, 729 insertions(+), 27 deletions(-) create mode 100644
> drivers/crypto/aspeed/Kconfig create mode 100644
> drivers/crypto/aspeed/Makefile create mode 100644
> drivers/crypto/aspeed/aspeed_acry.c
> create mode 100644 drivers/crypto/aspeed/aspeed_hace.c
>
> --
> 2.17.1
More information about the U-Boot
mailing list