[U-Boot] [PATCH v2 7/7] doc: Update info on using K3 secure devices

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Andrew F. Davis <afd@ti.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2 7/7] doc: Update info on using K3 secure devices
Date: Thu, 21 Feb 2019 16:35:12 -0600	[thread overview]
Message-ID: <20190221223512.8310-8-afd@ti.com> (raw)
In-Reply-To: <20190221223512.8310-1-afd@ti.com>

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>
---
 doc/README.ti-secure | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/doc/README.ti-secure b/doc/README.ti-secure
index 76950253ac..27c0eaa77f 100644
--- a/doc/README.ti-secure
+++ b/doc/README.ti-secure
@@ -138,7 +138,7 @@ Booting of U-Boot SPL
 	<INPUT_FILE>
 
 	Invoking the script for Keystone2 Secure Devices
-	=============================================
+	================================================
 
 	create-boot-image.sh \
 		<UNUSED> <INPUT_FILE> <OUTPUT_FILE> <UNUSED>
@@ -157,6 +157,18 @@ Booting of U-Boot SPL
 		boot from all media. Secure boot from SPI NOR flash is not
 		currently supported.
 
+	Invoking the script for K3 Secure Devices
+	=========================================
+
+	The signing steps required to produce a bootable SPL image on secure
+	K3 TI devices are the same as those performed on non-secure devices.
+	The only difference is the key is not checked on non-secure devices so
+	a dummy key is used when building U-Boot for those devices. For secure
+	K3 TI devices simply use the real hardware key for your device. This
+	real key can be set with the Kconfig option "K3_KEY". The environment
+	variable TI_SECURE_DEV_PKG is also searched for real keys when the
+	build targets secure devices.
+
 Booting of Primary U-Boot (u-boot.img)
 ======================================
 
@@ -181,10 +193,8 @@ Booting of Primary U-Boot (u-boot.img)
 	is enabled through the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option which
 	must be enabled for the secure boot scheme to work. In order to allow
 	verifying proper operation of the secure boot chain in case of successful
-	authentication messages like "Authentication passed: CERT_U-BOOT-NOD" are
-	output by the SPL to the console for each blob that got extracted from the
-	FIT image. Note that the last part of this log message is the (truncated)
-	name of the signing certificate embedded into the blob that got processed.
+	authentication messages like "Authentication passed" are output by the
+	SPL to the console for each blob that got extracted from the FIT image.
 
 	The exact details of the how the images are secured is handled by the
 	SECDEV package. Within the SECDEV package exists a script to process
-- 
2.19.1

next prev parent reply	other threads:[~2019-02-21 22:35 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-21 22:35 [U-Boot] [PATCH v2 0/7] AM65x HS device support Andrew F. Davis
2019-02-21 22:35 ` [U-Boot] [PATCH v2 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded Andrew F. Davis
2019-02-21 23:10   ` Tom Rini
2019-04-10 15:24     ` Andrew F. Davis
2019-02-21 22:35 ` [U-Boot] [PATCH v2 2/7] firmware: ti_sci: Add support for firewall management Andrew F. Davis
2019-02-21 22:35 ` [U-Boot] [PATCH v2 3/7] firmware: ti_sci: Modify auth_boot TI-SCI API to match new version Andrew F. Davis
2019-02-21 22:35 ` [U-Boot] [PATCH v2 4/7] arm: mach-k3: Add secure device support Andrew F. Davis
2019-02-21 22:35 ` [U-Boot] [PATCH v2 5/7] arm: mach-k3: Add secure device build support Andrew F. Davis
2019-02-21 22:35 ` [U-Boot] [PATCH v2 6/7] configs: Add a config for AM65x High Security EVM Andrew F. Davis
2019-02-21 22:35 ` Andrew F. Davis [this message]
2019-04-12 16:27 ` [U-Boot] [U-Boot,v2,0/7] AM65x HS device support Tom Rini
2019-04-12 16:55   ` Andrew F. Davis

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:76950253a dfblob:27c0eaa77 )
 OR (
bs:"[U-Boot] [PATCH v2 7/7] doc: Update info on using K3 secure devices" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190221223512.8310-8-afd@ti.com \
    --to=afd@ti.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox