From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [U-Boot, 4/4] arm: mach-keystone: Updates mon_install for K2G HS
Date: Wed, 26 Jul 2017 15:50:48 -0400 [thread overview]
Message-ID: <20170726195048.GV26163@bill-the-cat> (raw)
In-Reply-To: <20170717175915.12898-5-afd@ti.com>
On Mon, Jul 17, 2017 at 12:59:15PM -0500, Andrew F. Davis wrote:
> From: Madan Srinivas <madans@ti.com>
>
> On early K2 devices (eg. K2HK) the secure ROM code does not support
> loading secure code to firewall protected memory, before decrypting,
> authenticating and executing it.
>
> To load the boot monitor on these devices, it is necessary to first
> authenticate and run a copy loop from non-secure memory that copies
> the boot monitor behind firewall protected memory, before decrypting
> and executing it.
>
> On K2G, the secure ROM does not allow secure code executing from
> unprotected memory. Further, ROM first copies the signed and encrypted
> image into firewall protected memory, then decrypts, authenticates
> and executes it.
>
> As a result of this, we cannot use the copy loop for K2G. The
> mon_install has to be modified to pass the address the signed and
> encrypted secure boot monitor image to the authentication API.
>
> For backward compatibility with other K2 devices and K2G GP,
> the mon_install API still supports a single argument. In this case
> the second argument is set to 0 by u-boot and is ignored by ROM
>
> Signed-off-by: Thanh Tran <thanh-tran@ti.com>
> Signed-off-by: Madan Srinivas <madans@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20170726/ddbe3976/attachment.sig>
next prev parent reply other threads:[~2017-07-26 19:50 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-17 17:59 [U-Boot] [PATCH 0/4] Add default secure boot env for K2x Andrew F. Davis
2017-07-17 17:59 ` [U-Boot] [PATCH 1/4] configs: k2x_evm: Adds FIT loading environment variables Andrew F. Davis
2017-07-18 17:08 ` Tom Rini
2017-07-26 19:50 ` [U-Boot] [U-Boot, " Tom Rini
2017-07-17 17:59 ` [U-Boot] [PATCH 2/4] configs: k2x_evm: Adds environment variables for secure devices Andrew F. Davis
2017-07-18 17:08 ` Tom Rini
2017-07-26 19:50 ` [U-Boot] [U-Boot, " Tom Rini
2017-07-17 17:59 ` [U-Boot] [PATCH 3/4] configs: k2x_evm: Reorder default boot command Andrew F. Davis
2017-07-18 17:08 ` Tom Rini
2017-07-26 19:50 ` [U-Boot] [U-Boot, " Tom Rini
2017-07-17 17:59 ` [U-Boot] [PATCH 4/4] arm: mach-keystone: Updates mon_install for K2G HS Andrew F. Davis
2017-07-18 17:08 ` Tom Rini
2017-07-26 19:50 ` Tom Rini [this message]
2017-07-18 17:08 ` [U-Boot] [PATCH 0/4] Add default secure boot env for K2x Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170726195048.GV26163@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox