From: Bryan Brattlof <bb@ti.com>
To: Tom Rini <trini@konsulko.com>,
Vignesh Raghavendra <vigneshr@ti.com>, Andrew Davis <afd@ti.com>,
Judith Mendez <jm@ti.com>, Kamlesh Gurudasani <kamlesh@ti.com>
Cc: UBoot Mailing List <u-boot@lists.denx.de>, Bryan Brattlof <bb@ti.com>
Subject: [PATCH 5/5] configs: am62a: use kernel fitImage when using secure bootflow
Date: Fri, 23 Dec 2022 19:15:25 -0600 [thread overview]
Message-ID: <20221224011525.4696-6-bb@ti.com> (raw)
In-Reply-To: <20221224011525.4696-1-bb@ti.com>
In order to maintain the chain of trust, each stage of the boot process
will first authenticate each binary it loads before continuing. To
extend this to the kernal and its dtbs we can package the kernal and
its dtbs into another fitImage for Uboot to authenticate and extend the
chain of trust all the way to the kernel.
When 'boot_fit' is set, indicating we're using the secure bootflow, look
for and authenticate the kernel's fitImage.
Signed-off-by: Judith Mendez <jm@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
---
include/configs/am62ax_evm.h | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/include/configs/am62ax_evm.h b/include/configs/am62ax_evm.h
index 0bc0b13922f0f..ce5dcd34787fa 100644
--- a/include/configs/am62ax_evm.h
+++ b/include/configs/am62ax_evm.h
@@ -59,9 +59,14 @@
EXTRA_ENV_AM62A7_BOARD_SETTINGS_MMC \
"bootcmd_ti_mmc=" \
"run findfdt; run envboot; run init_mmc;" \
- "run get_kern_mmc; run get_fdt_mmc;" \
- "run get_overlay_mmc;" \
- "run run_kern;\0"
+ "if test ${boot_fit} -eq 1; then;" \
+ "run get_fit_mmc; run get_overlaystring;" \
+ "run run_fit;" \
+ "else;" \
+ "run get_kern_mmc; run get_fdt_mmc;" \
+ "run get_overlay_mmc;" \
+ "run run_kern;" \
+ "fi;\0"
#define BOOTENV_DEV_NAME_TI_MMC(devtyeu, devtypel, instance) \
"ti_mmc "
--
2.39.0
next prev parent reply other threads:[~2022-12-24 1:16 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-24 1:15 [PATCH 0/5] add support for hs bootflows to am62a Bryan Brattlof
2022-12-24 1:15 ` [PATCH 1/5] configs: restrict am62ax wakup SPL size Bryan Brattlof
2023-01-11 2:16 ` Tom Rini
2022-12-24 1:15 ` [PATCH 2/5] configs: am62a: move stack and heap to HSM RAM Bryan Brattlof
2023-01-11 2:17 ` Tom Rini
2022-12-24 1:15 ` [PATCH 3/5] arm: mach-k3: copy bootindex to OCRAM for main domain SPL Bryan Brattlof
2023-01-11 2:17 ` Tom Rini
2022-12-24 1:15 ` [PATCH 4/5] configs: am62a: convert bootcmd to distro_bootcmd Bryan Brattlof
2023-01-11 2:17 ` Tom Rini
2022-12-24 1:15 ` Bryan Brattlof [this message]
2023-01-11 2:17 ` [PATCH 5/5] configs: am62a: use kernel fitImage when using secure bootflow Tom Rini
2022-12-29 9:14 ` [PATCH 0/5] add support for hs bootflows to am62a Kamlesh Gurudasani
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221224011525.4696-6-bb@ti.com \
--to=bb@ti.com \
--cc=afd@ti.com \
--cc=jm@ti.com \
--cc=kamlesh@ti.com \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=vigneshr@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox