From: York Sun <yorksun@freescale.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/4][v3] SECURE BOOT: Add command for validation of images
Date: Thu, 5 Mar 2015 12:15:59 -0800 [thread overview]
Message-ID: <54F8B97F.6070400@freescale.com> (raw)
In-Reply-To: <1425010535-22486-1-git-send-email-gaurav.rana@freescale.com>
On 02/26/2015 08:15 PM, Gaurav Rana wrote:
> 1. esbc_validate command is meant for validating header and
> signature of images (Boot Script and ESBC uboot client).
> SHA-256 and RSA operations are performed using SEC block in HW.
> This command works on both PBL based and Non PBL based Freescale
> platforms.
> Command usage:
> esbc_validate img_hdr_addr [pub_key_hash]
> 2. ESBC uboot client can be linux. Additionally, rootfs and device
> tree blob can also be signed.
> 3. In the event of header or signature failure in validation,
> ITS and ITF bits determine further course of action.
> 4. In case of soft failure, appropriate error is dumped on console.
> 5. In case of hard failure, SoC is issued RESET REQUEST after
> dumping error on the console.
> 6. KEY REVOCATION Feature:
> QorIQ platforms like B4/T4 have support of srk key table and key
> revocation in ISBC code in Silicon.
> The srk key table allows the user to have a key table with multiple
> keys and revoke any key in case of particular key gets compromised.
> In case the ISBC code uses the key revocation and srk key table to
> verify the u-boot code, the subsequent chain of trust should also
> use the same.
> 6. ISBC KEY EXTENSION Feature:
> This feature allows large number of keys to be used for esbc validation
> of images. A set of public keys is being signed and validated by ISBC
> which can be further used for esbc validation of images.
>
> Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
> ---
> Changes in v3:
> No change. Change in other patches of the patch set.
>
> Changes in v2:
> Copyright is changed in all the files in the patch.
Applied to u-boot-mpc85xx master after fixing commit message indentation,
awaiting for upstream.
York
prev parent reply other threads:[~2015-03-05 20:15 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-27 4:15 [U-Boot] [PATCH 3/4][v3] SECURE BOOT: Add command for validation of images Gaurav Rana
2015-03-05 20:15 ` York Sun [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54F8B97F.6070400@freescale.com \
--to=yorksun@freescale.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.