From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Nelson Date: Thu, 11 Jul 2013 13:40:52 -0700 Subject: [U-Boot] [PATCH v1 0/7] The patchset fixes some issue in the generation of the imx image In-Reply-To: <1373548001-19728-1-git-send-email-sbabic@denx.de> References: <1373548001-19728-1-git-send-email-sbabic@denx.de> Message-ID: <51DF1854.5080202@boundarydevices.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Thanks Stefano, On 07/11/2013 06:06 AM, Stefano Babic wrote: > (header for Freescale's i.MX processors) to allow the usage of > Freescale's tools to sign the u-boot image and provide a secure boot. > > This has nothing to do with the Secure Boot extensions implemented by > Simon Glass, that can be in any case used to boot later a secure image. > Freescale's secure boot ensures that a signed bootloader > is started only if it is verified with a key that is burned into the iMX fuses. > Documentation about the Freescale's secure process can be read from the > AN4591, available on the Freescale's Website. > > The patchset allows to add to the imx Header the CSF (command Sequence File) > generated by the tools provided by Freescale. The CSF is then simply concatenated > to the u-boot image, making a signed bootloader, that the processor can verify > if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not > start a bootloader that cannot be verified - further infos how to configure > the SOC to verify the bootloader can be found in the User Manual of the specific > SOC. > > Next step is to verify the kernel, that can be still done using Simon's patches for > verified boot (CONFIG_OF_CONTROL must be set in the board configuarion file). > I compile-tested the series against all of our boards (boundary/boundary/* and board/freescale/mx6qsabrelite). Run-time tests (without signing) against nitrogen6s (solo) and nitrogen6q (quad). Both ran without a hitch. Now we need to get configured for signing and burn some fuses!