From: Stefano Babic <sbabic@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2] imx: mx6: Add support for MX6 plugin images
Date: Wed, 05 Nov 2014 18:20:42 +0100 [thread overview]
Message-ID: <545A5C6A.2090002@denx.de> (raw)
In-Reply-To: <87egth4oof.fsf@nbsps.com>
Hi Bill,
On 05/11/2014 17:06, Bill Pringlemeir wrote:
>
> This seems true that the SPL is another way to implement the 'plug-in'
> features as they relate to DCD.
Right.
> I think a portion not taken care of by SPL is 2nd and subsequent image
> verification.
Not for subsequent images, if the second image is U-Boot. U-Boot
supports secure boot via FIT images. Kernel and, generally, other images
can be authenticated. This is done without HAB.
If we are talking about SPL, that is true. SPL does not *yet* support to
authenticate the u-boot image.
> The HAB ROM loader will use the 'plug-in' to initialize
> and load to alternate media. However, when control returns, I think
> that the 2nd image is authenticated. In order to do the same in the
> SPL, you need to restrict the IRAM locations used and make calls to the
> ROM code or implement some other 2nd image authentication.
commit 36c1ca4d46ef11ac7b3c0afb5c42dadb4e8773f3 is supposed to do what
you are looking for. The authenticate_image() function is called to
verify an image via HAB.
> For non-secure boots, the SPL seems equivalent. With secondary image
> verification in the SPL, then I think it would be equivalent to the
> 'plug-in'. The SPL would be supported in all HAB versions. I don't
> know if the 'plug-in' is supported with earlier iMx series like the
> iMx2/3x series using HABv3.
It is not, as far as I know, and even not in MX51.
> So an SPL with image verification seems
> superior, even for the iMx series by itself.
Yes, fully agree.
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================
prev parent reply other threads:[~2014-11-05 17:20 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-05 8:13 [U-Boot] [PATCH v2] imx: mx6: Add support for MX6 plugin images Ye.Li
2014-11-05 8:13 ` [U-Boot] [PATCH v2 2/4] imx: mx6q/dlarm2: Add support for building plugin image Ye.Li
2014-11-05 8:13 ` [U-Boot] [PATCH v2 3/4] imx: mx6slevk: " Ye.Li
2014-11-05 8:13 ` [U-Boot] [PATCH v2 4/4] imx: mx6sxsabresd: " Ye.Li
2014-11-05 8:41 ` [U-Boot] [PATCH v2] imx: mx6: Add support for MX6 plugin images Stefano Babic
2014-11-05 16:06 ` Bill Pringlemeir
2014-11-05 17:20 ` Stefano Babic [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=545A5C6A.2090002@denx.de \
--to=sbabic@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox