From: Bryan Brattlof
To: Tom Rini, Vignesh Raghavendra, Andrew Davis, Judith Mendez, Kamlesh Gurudasani
CC: UBoot Mailing List, Bryan Brattlof
Subject: [PATCH 5/5] configs: am62a: use kernel fitImage when using secure bootflow
Date: Fri, 23 Dec 2022 19:15:25 -0600
Message-ID: <20221224011525.4696-6-bb@ti.com>
In-Reply-To: <20221224011525.4696-1-bb@ti.com>

In order to maintain the chain of trust, each stage of the boot process will first authenticate each binary it loads before continuing.
To extend this to the kernel and its dtbs we can package the kernel and its dtbs into another fitImage for Uboot to authenticate and extend the chain of trust all the way to the kernel.

When 'boot_fit' is set, indicating we're using the secure bootflow, look for and authenticate the kernel's fitImage.

Signed-off-by: Judith Mendez
Signed-off-by: Bryan Brattlof
--- include/configs/am62ax_evm.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/include/configs/am62ax_evm.h b/include/configs/am62ax_evm.h index 0bc0b13922f0f..ce5dcd34787fa 100644 --- a/include/configs/am62ax_evm.h +++ b/include/configs/am62ax_evm.h @@ -59,9 +59,14 @@ EXTRA_ENV_AM62A7_BOARD_SETTINGS_MMC \ "bootcmd_ti_mmc=" \ "run findfdt; run envboot; run init_mmc;" \ - "run get_kern_mmc; run get_fdt_mmc;" \ - "run get_overlay_mmc;" \ - "run run_kern;\0" + "if test ${boot_fit} -eq 1; then;" \ + "run get_fit_mmc; run get_overlaystring;" \ + "run run_fit;" \ + "else;" \ + "run get_kern_mmc; run get_fdt_mmc;" \ + "run get_overlay_mmc;" \ + "run run_kern;" \ + "fi;\0" #define BOOTENV_DEV_NAME_TI_MMC(devtyeu, devtypel, instance) \ "ti_mmc " -- 2.39.0
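Review bot: the `else` branch of the new `if test ${boot_fit} -eq 1` in `bootcmd_ti_mmc` keeps the `get_kern_mmc` / `get_fdt_mmc` / `run_kern` sequence, so the check fails open: when `boot_fit` is unset, empty or any value other than 1, the test is false and the kernel and dtb are loaded without going through the fitImage authentication the commit message describes. `run envboot` also runs before the test, so the commit message should say whether that step can change `boot_fit`. For a secure build, consider selecting the FIT path at compile time, or making the non-FIT branch unreachable there, and document where `boot_fit` gets set so the chain of trust does not depend on a runtime environment value.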