From: Andrew F. Davis <afd@ti.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2 00/11] Allow secure boot on AM33xx devices
Date: Mon, 22 Aug 2016 10:21:20 -0500 [thread overview]
Message-ID: <20160822152131.15340-1-afd@ti.com> (raw)
Hello all,
I've recently been tasked with enabling authenticated boot for AM33xx based
devices. This work is similar to what has already been done for the AM43xx
and AM57xx SoCs and leverages much of the infrastructure from them.
The big difference here is the size of SRAM available on AM33xx being much
less than on the other SoCs, when performing a secure boot this limits
the maximum size of the SPL to just ~41k, the SPL currently generated for
AM33xx SoCs is ~70k. To trim down the SPL we move various options from
the config headers to the Kconfig system so we can selectively disable
them in HS specific defconfigs. These changes are added as RFC patches.
Thanks,
Andrew
Changes from v1:
- I've moved the cleanup patches to the end of the series and now
consider them RFCs. I also do not move any Kconfig options over
as this can be performed automatically but will need to be done
by someone who understands the build system better than me.
- Separate additional AM33xx SOC based boards out from the SoC
definition in patch #1.
Andrew F. Davis (11):
Kconfig: Separate AM33XX SOC config from target board config
am33xx: config.mk: Add support for additional secure boot image types
am33xx: config.mk: Fix option used to enable SPI SPL image type
doc: Update info on using AM33xx secure devices from TI
ti: omap-common: Allow AM33xx devices to be built securely
board: am33xx-hs: spl: Allow post-processing of FIT image on AM33xx
omap: Use SD_BOOT in place of EMMC_BOOT
config: Remove usage of CONFIG_STORAGE_EMMC
spl: Kconfig: Add SPL_<media>_SUPPORT as Kconfig option
spl: Kconfig: Add SPL_<media>_BOOT as Kconfig option
spl: Kconfig: Add CONFIG_SPL_TEXT_BASE as Kconfig option
Kconfig | 8 ++++
arch/arm/Kconfig | 51 +++++---------------
arch/arm/cpu/armv7/am33xx/Kconfig | 49 +++++++++++++++++++
arch/arm/cpu/armv7/am33xx/config.mk | 29 ++++++++++--
arch/arm/cpu/armv7/omap-common/Kconfig | 2 +-
board/ti/am335x/board.c | 8 ++++
board/ti/am335x/mux.c | 4 +-
common/Kconfig | 76 ++++++++++++++++++++++++++++++
common/spl/Kconfig | 54 +++++++++++++++++++++
configs/am335x_baltos_defconfig | 1 +
configs/am335x_boneblack_defconfig | 3 +-
configs/am335x_boneblack_vboot_defconfig | 4 +-
configs/am335x_evm_defconfig | 1 +
configs/am335x_evm_nor_defconfig | 1 +
configs/am335x_evm_norboot_defconfig | 1 +
configs/am335x_evm_spiboot_defconfig | 1 +
configs/am335x_evm_usbspl_defconfig | 1 +
configs/am335x_igep0033_defconfig | 1 +
configs/am335x_shc_defconfig | 1 +
configs/am335x_shc_ict_defconfig | 1 +
configs/am335x_shc_netboot_defconfig | 1 +
configs/am335x_shc_prompt_defconfig | 1 +
configs/am335x_shc_sdboot_defconfig | 1 +
configs/am335x_shc_sdboot_prompt_defconfig | 1 +
configs/am335x_sl50_defconfig | 3 +-
configs/brppt1_mmc_defconfig | 3 +-
configs/brppt1_spi_defconfig | 3 +-
doc/README.ti-secure | 32 +++++++++++++
include/configs/am335x_evm.h | 4 +-
include/configs/am335x_shc.h | 2 -
include/configs/am335x_sl50.h | 4 +-
include/configs/bav335x.h | 4 +-
include/configs/brppt1.h | 6 +--
include/configs/ti_am335x_common.h | 2 +
34 files changed, 299 insertions(+), 65 deletions(-)
create mode 100644 common/spl/Kconfig
--
2.9.3
next reply other threads:[~2016-08-22 15:21 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-22 15:21 Andrew F. Davis [this message]
2016-08-22 15:21 ` [U-Boot] [PATCH v2 01/11] Kconfig: Separate AM33XX SOC config from target board config Andrew F. Davis
2016-08-26 20:12 ` Tom Rini
2016-08-22 15:21 ` [U-Boot] [PATCH v2 02/11] am33xx: config.mk: Add support for additional secure boot image types Andrew F. Davis
2016-08-22 15:21 ` [U-Boot] [PATCH v2 03/11] am33xx: config.mk: Fix option used to enable SPI SPL image type Andrew F. Davis
2016-08-22 15:21 ` [U-Boot] [PATCH v2 04/11] doc: Update info on using AM33xx secure devices from TI Andrew F. Davis
2016-08-22 15:21 ` [U-Boot] [PATCH v2 05/11] ti: omap-common: Allow AM33xx devices to be built securely Andrew F. Davis
2016-08-22 15:21 ` [U-Boot] [PATCH v2 06/11] board: am33xx-hs: spl: Allow post-processing of FIT image on AM33xx Andrew F. Davis
2016-08-22 15:21 ` [U-Boot] [RFC PATCH v2 07/11] omap: Use SD_BOOT in place of EMMC_BOOT Andrew F. Davis
2016-08-22 15:21 ` [U-Boot] [RFC PATCH v2 08/11] config: Remove usage of CONFIG_STORAGE_EMMC Andrew F. Davis
2016-08-22 15:21 ` [U-Boot] [RFC PATCH v2 09/11] spl: Kconfig: Add SPL_<media>_SUPPORT as Kconfig option Andrew F. Davis
2016-08-23 6:08 ` Masahiro Yamada
2016-08-23 15:02 ` Andrew F. Davis
2016-08-26 20:06 ` Tom Rini
2016-08-22 15:21 ` [U-Boot] [RFC PATCH v2 10/11] spl: Kconfig: Add SPL_<media>_BOOT " Andrew F. Davis
2016-08-22 15:21 ` [U-Boot] [RFC PATCH v2 11/11] spl: Kconfig: Add CONFIG_SPL_TEXT_BASE " Andrew F. Davis
2016-08-23 5:45 ` Masahiro Yamada
2016-08-23 14:57 ` Andrew F. Davis
2016-08-26 17:59 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160822152131.15340-1-afd@ti.com \
--to=afd@ti.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox