From: Tom Rini <trini@ti.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v3 0/14] Minor improvements to secure boot and enable on beaglebone
Date: Wed, 11 Jun 2014 18:18:27 -0400 [thread overview]
Message-ID: <20140611221827.GC7841@bill-the-cat> (raw)
In-Reply-To: <1401768297-7198-1-git-send-email-sjg@chromium.org>
On Mon, Jun 02, 2014 at 10:04:43PM -0600, Simon Glass wrote:
> This series fixes a few problems that have come up since the secure boot
> series was merged:
>
> - A recent commit broken the assumption that u-boot.bin ends at a known
> address (thus making things appended to U-Boot inaccessible from the code).
> This is fixed for Beaglebone and a few other boards. A new test is added to
> the Makefile to ensure that it does not break again. All boards have been
> tested to make sure the problem does not appear elsewhere.
>
> - A way is needed to provide an externally-build device tree binary for
> U-Boot. This allows signing to happen outside the U-Boot build system.
>
> - The .img files generated by an OMAP build need to include the FDT if one
> is appended.
>
> - Adding signatures to an FDT can cause the FDT to run out of space. The
> fix is to regenerate the FDT from scratch with different dtc parameters, so
> pretty painful. Instead, we automatically expand the FDT.
>
> The last commit enables verified boot on a Beaglebone Black with a special
> configuration. Use 'am335x_boneblack_vboot' for this. This will soon disable
> support for legacy images.
>
> Changes in v3:
> - Add new patch to ensure the hash section is inside the image for cm_t335
> - Add new patch to ensure the hash section is inside the image for mx31ads
> - Rebase to master and update commit message
> - Fix typo in commit message
> - Add new patch to improve error handling in fit_common
> - Rebase to master
> - Also enable LZO and timestamps, plus increase the maximum kernel size
> - Use verified boot only on a new board - am335x_boneblack_vboot
>
> Changes in v2:
> - Add new patch to ensure the hash section is inside the image for am335x
> - Add new patch to check u-boot.bin size against symbol table
> - Update to cover all omap devices
> - Adjust for kbuild changes
> - Fix line over 80cols
> - Move device tree files into arch/arm/dts
Note that I applied this directly to master since it's largely TI boards
or generic code, I hope you don't mind Albert.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140611/800f9765/attachment.pgp>
prev parent reply other threads:[~2014-06-11 22:18 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-03 4:04 [U-Boot] [PATCH v3 0/14] Minor improvements to secure boot and enable on beaglebone Simon Glass
2014-06-03 4:04 ` [U-Boot] [PATCH v3 01/14] ti: am335x: Fix the U-Boot binary output Simon Glass
2014-06-11 22:17 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 02/14] cm_t335: " Simon Glass
2014-06-11 22:17 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 03/14] mx31ads: " Simon Glass
2014-06-11 22:17 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 04/14] Check that u-boot.bin size looks correct Simon Glass
2014-06-03 4:04 ` [U-Boot] [PATCH v3 05/14] am33xx/omap: Allow cache enable for all Sitara/OMAP Simon Glass
2014-06-11 22:17 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 06/14] hash: Export the function to show a hash Simon Glass
2014-06-11 22:17 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 07/14] fdt: Add DEV_TREE_BIN option to specify a device tree binary file Simon Glass
2014-06-10 5:59 ` Masahiro Yamada
2014-06-11 22:18 ` Tom Rini
2014-06-12 4:44 ` Simon Glass
2014-06-11 22:25 ` Simon Glass
2014-06-11 22:17 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 08/14] fdt: Update functions which write to an FDT to return -ENOSPC Simon Glass
2014-06-11 22:17 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 09/14] Improve error handling in fit_common Simon Glass
2014-06-11 22:18 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 10/14] mkimage: Automatically make space in FDT when full Simon Glass
2014-06-11 22:18 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 11/14] arm: ti: Increase malloc size to 16MB for armv7 boards Simon Glass
2014-06-11 22:18 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 12/14] am33xx/omap: Enable CONFIG_OF_CONTROL Simon Glass
2014-06-11 22:18 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 13/14] am33xx/omap: Enable FIT support Simon Glass
2014-06-11 22:18 ` [U-Boot] [U-Boot,v3,13/14] " Tom Rini
2014-06-03 4:04 ` [U-Boot] [PATCH v3 14/14] am33xx/omap: Add a new board to enable verified boot Simon Glass
2014-06-11 22:18 ` [U-Boot] [U-Boot, v3, " Tom Rini
2014-06-11 22:18 ` Tom Rini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140611221827.GC7841@bill-the-cat \
--to=trini@ti.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox