[U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E)

[Madan Srinivas <madans@ti.com>]

This series adds support for secure keystone family of devices, more
specifically for K2E (Edison).This work is similar to what has already
been done for the AM43xx and AM57xx SoCs and leverages much of the
infrastructure from them.

The big difference here is the ROM on keystone2 devices does not provide
any APIs for image authentication. Rather, the image authentication and
decryption routines and other security functions are provided by
software and can run on the ARM in Trustzone as well as on secure DSPs.

A component known as the boot monitor acts as they gateway to this secure
processing, and abstracts out the details from the public world. Unlike
OMAP class devices, where u-boot calls ROM APIs, u-boot calls into the boot-
monitor on keystone devices.

Other than this difference, most of the secure framework for AMxx and
DRAxx devices have been re-used.

Couple of other points to note :-

	-Support for SPL on secure keystone devices is still TBD,
	so boot from SPI flash, which needs SPL, is not supported currently
	on K2 devices.

	-A single image will work across all other boot media for secure K2
	devices.

Changes in v2:
- Corrects typo in commit message for PATCH 1/7 in this series
- The following changes are  made to mon.c based on review comments
	Adds NULL pointer check before calling authentication interface
	Removes an unnecessary printf
	Updates size of signed FIT blob after post processing removes header
- Adds a new name for the signed output image in config_secure.mk
  to keep it in line with the image name used by non-secure keystone
  devices.
- Changes the target for secure keystone devices in config.mk
  to u-boot_HS_MLO to keep it in line with the MLO target that
  is built for non-secure keystone devices.
- Updates k2e_hs_evm_defconfig to reduce the delta seen if one
  regenerates it using savedefconfig or similar tools.

Madan Srinivas (4):
  include: image.h: Fixes build warning with
    CONFIG_FIT_IMAGE_POST_PROCESS
  arm: omap-common: adds secure image name common to OMAP and keystone
  arm: mach-keystone: config.mk: Adds support for secure images on K2
  doc: Updates info on using keystone secure devices from TI

Vitaly Andrianov (3):
  arm: mach-keystone: Implements FIT post-processing call for keystone
    SoCs
  arm: omap-common: Enable support for K2 HS devices in u-boot
  configs: Adds a defconfig for K2E High Security EVM

 arch/arm/cpu/armv7/omap-common/Kconfig          |  2 +-
 arch/arm/cpu/armv7/omap-common/config_secure.mk |  6 +++
 arch/arm/mach-keystone/config.mk                |  6 +++
 arch/arm/mach-keystone/mon.c                    | 55 +++++++++++++++++++++++++
 configs/k2e_hs_evm_defconfig                    | 43 +++++++++++++++++++
 doc/README.ti-secure                            | 20 +++++++++
 include/image.h                                 |  3 +-
 7 files changed, 133 insertions(+), 2 deletions(-)
 create mode 100644 configs/k2e_hs_evm_defconfig

-- 
2.7.4