From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Rini Date: Wed, 11 Jun 2014 18:18:27 -0400 Subject: [U-Boot] [PATCH v3 0/14] Minor improvements to secure boot and enable on beaglebone In-Reply-To: <1401768297-7198-1-git-send-email-sjg@chromium.org> References: <1401768297-7198-1-git-send-email-sjg@chromium.org> Message-ID: <20140611221827.GC7841@bill-the-cat> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Mon, Jun 02, 2014 at 10:04:43PM -0600, Simon Glass wrote: > This series fixes a few problems that have come up since the secure boot > series was merged: > > - A recent commit broken the assumption that u-boot.bin ends at a known > address (thus making things appended to U-Boot inaccessible from the code). > This is fixed for Beaglebone and a few other boards. A new test is added to > the Makefile to ensure that it does not break again. All boards have been > tested to make sure the problem does not appear elsewhere. > > - A way is needed to provide an externally-build device tree binary for > U-Boot. This allows signing to happen outside the U-Boot build system. > > - The .img files generated by an OMAP build need to include the FDT if one > is appended. > > - Adding signatures to an FDT can cause the FDT to run out of space. The > fix is to regenerate the FDT from scratch with different dtc parameters, so > pretty painful. Instead, we automatically expand the FDT. > > The last commit enables verified boot on a Beaglebone Black with a special > configuration. Use 'am335x_boneblack_vboot' for this. This will soon disable > support for legacy images. > > Changes in v3: > - Add new patch to ensure the hash section is inside the image for cm_t335 > - Add new patch to ensure the hash section is inside the image for mx31ads > - Rebase to master and update commit message > - Fix typo in commit message > - Add new patch to improve error handling in fit_common > - Rebase to master > - Also enable LZO and timestamps, plus increase the maximum kernel size > - Use verified boot only on a new board - am335x_boneblack_vboot > > Changes in v2: > - Add new patch to ensure the hash section is inside the image for am335x > - Add new patch to check u-boot.bin size against symbol table > - Update to cover all omap devices > - Adjust for kbuild changes > - Fix line over 80cols > - Move device tree files into arch/arm/dts Note that I applied this directly to master since it's largely TI boards or generic code, I hope you don't mind Albert. -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL: