From: "Ivan T. Ivanov" <iivanov@suse.de>
To: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>,
Rob Herring <robh+dt@kernel.org>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>
Cc: Nicolas Saenz Julienne <nsaenz@kernel.org>,
Florian Fainelli <f.fainelli@gmail.com>,
Stefan Wahren <stefan.wahren@i2se.com>,
linux-rpi-kernel@lists.infradead.org,
linux-arm-kernel@lists.infradead.org, devicetree@vger.kernel.org,
Tim Gover <tim.gover@raspberrypi.com>,
"Ivan T . Ivanov" <iivanov@suse.de>
Subject: [PATCH v3 2/3] ARM: dts: Add nvmem node for BCM2711 bootloader public key
Date: Thu, 20 Apr 2023 15:29:23 +0300 [thread overview]
Message-ID: <20230420122924.37997-3-iivanov@suse.de> (raw)
In-Reply-To: <20230420122924.37997-1-iivanov@suse.de>
From: Tim Gover <tim.gover@raspberrypi.com>
Make a copy of the bootloader secure-boot public key available to the OS
via an nvmem node. The placement information is populated by the
Raspberry Pi firmware[1] if a public key is present in the BCM2711
bootloader EEPROM.
[1] https://www.raspberrypi.com/documentation/computers/configuration.html#nvmem-nodes
Signed-off-by: Tim Gover <tim.gover@raspberrypi.com>
[iivanov] Added link to documentation.
Signed-off-by: Ivan T. Ivanov <iivanov@suse.de>
---
arch/arm/boot/dts/bcm2711-rpi.dtsi | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/arch/arm/boot/dts/bcm2711-rpi.dtsi b/arch/arm/boot/dts/bcm2711-rpi.dtsi
index 98817a6675b9..e30fbe84f9c3 100644
--- a/arch/arm/boot/dts/bcm2711-rpi.dtsi
+++ b/arch/arm/boot/dts/bcm2711-rpi.dtsi
@@ -15,6 +15,7 @@ aliases {
ethernet0 = &genet;
pcie0 = &pcie0;
blconfig = &blconfig;
+ blpubkey = &blpubkey;
};
};
@@ -67,6 +68,19 @@ blconfig: nvram@0 {
no-map;
status = "disabled";
};
+
+ /*
+ * RPi4 will copy the binary public key blob (if present) from the bootloader
+ * into memory for use by the OS.
+ */
+ blpubkey: nvram@1 {
+ compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem";
+ #address-cells = <1>;
+ #size-cells = <1>;
+ reg = <0x0 0x0 0x0>;
+ no-map;
+ status = "disabled";
+ };
};
&v3d {
--
2.35.3
next prev parent reply other threads:[~2023-04-20 12:29 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-20 12:29 [PATCH v3 0/3] Add nvmem node for BCM2711 bootloader public key Ivan T. Ivanov
2023-04-20 12:29 ` [PATCH v3 1/3] dt-bindings: nvmem: rmem: Add raspberrypi,bootloader-public-key Ivan T. Ivanov
2023-04-21 7:56 ` Krzysztof Kozlowski
2023-05-12 10:20 ` Srinivas Kandagatla
2023-04-20 12:29 ` Ivan T. Ivanov [this message]
2023-04-21 7:55 ` [PATCH v3 2/3] ARM: dts: Add nvmem node for BCM2711 bootloader public key Krzysztof Kozlowski
2023-04-21 7:59 ` Tim Gover
2023-04-25 16:02 ` Stefan Wahren
2023-04-25 16:24 ` Tim Gover
2023-05-18 11:56 ` Ivan T . Ivanov
2023-04-20 12:29 ` [PATCH v3 3/3] nvmem: rmem: Use NVMEM_DEVID_AUTO Ivan T. Ivanov
2023-05-12 10:21 ` Srinivas Kandagatla
2023-04-25 16:33 ` [PATCH v3 0/3] Add nvmem node for BCM2711 bootloader public key Stefan Wahren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230420122924.37997-3-iivanov@suse.de \
--to=iivanov@suse.de \
--cc=devicetree@vger.kernel.org \
--cc=f.fainelli@gmail.com \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-rpi-kernel@lists.infradead.org \
--cc=nsaenz@kernel.org \
--cc=robh+dt@kernel.org \
--cc=srinivas.kandagatla@linaro.org \
--cc=stefan.wahren@i2se.com \
--cc=tim.gover@raspberrypi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).