[PATCH 00/10] phyCORE-AM62x/AM64x: Add RAUC and Secure Boot
Daniel Schultz
d.schultz at phytec.de
Fri Feb 7 07:44:49 CET 2025
On 06.02.25 18:07, Tom Rini wrote:
> On Thu, Feb 06, 2025 at 11:41:14AM +0100, Daniel Schultz wrote:
>> Hi,
>>
>> On 05.02.25 15:51, Tom Rini wrote:
>>> On Wed, Feb 05, 2025 at 12:01:36AM -0800, Daniel Schultz wrote:
>>>
>>>> This patch series adds support to boot PHYTEC's reference distros for
>>>> RAUC and Secure Boot.
>>>>
>>>> It adds a new Kconfig entry to embed the RAUC boot logic into the K3 MMC
>>>> boot logic. The boot flow itself got extended to run the raucinit function.
>>>>
>>>> It also adds Kconfig entries to pass private keys from an external location
>>>> to U-Boot to sign bootloader images. An additional config entries allows to
>>>> enable FIT image, because our Secure Boot implementation uses fitimages
>>>> instead of normal images.
>>> First, does CI pass with this series? Second, is this also based on the
>>> RAUC support to bootstd series? Thanks.
>> I just ran the CI tests and they pass:
>> https://github.com/u-boot/u-boot/pull/739
> Thanks. I was concerned that with keys and such we might run in to a
> failure to build in CI.
>
>> This is what we have for quite some time to boot RAUC or Secure Boot with
>> our downstream U-Boot. It's not really nice but working... Martin started to
>> work on bootstd implementation after we implemented that. Our plan is get
>> the current boot flow upstream and switch completely to bootstd later this
>> year. Afterwards, we would mark the current boot flow as legacy.
> How challenging for your plans would it be to not upstream the legacy
> path here and just build on the bootstd method entirely? I can certainly
> see why you need to support the legacy model commercially but if we can
> avoid adding it and intending to replace it in the community that would
> make a lower burden here long term. Thanks!
Sure, we can keep the current boot flow on our downstream U-Boot for now
and will add bootstd later here.
However, there are some patches in this series which are require to sign
images, device-trees, etc with external keys. I will send a v2 and drop
all boot flow related patches.
- Daniel
More information about the U-Boot
mailing list