From mboxrd@z Thu Jan 1 00:00:00 1970 From: Lokesh Vutla Date: Fri, 17 Jun 2016 09:56:42 +0530 Subject: [U-Boot] [RFC 6/9] arm: omap5: add FIT image post process function In-Reply-To: <1466018801-18044-7-git-send-email-dannenberg@ti.com> References: <1466018801-18044-1-git-send-email-dannenberg@ti.com> <1466018801-18044-7-git-send-email-dannenberg@ti.com> Message-ID: <57637C02.2030606@ti.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Thursday 16 June 2016 12:56 AM, Andreas Dannenberg wrote: > From: Daniel Allred > > Adds a board specific FIT image post processing function for when > CONFIG_SECURE_BOOT is defined. Also update the omap common config > header to enable CONFIG_SECURE_BOOT always for secure TI devices > (CONFIG_TI_SECURE_DEVICE is defined). > > Signed-off-by: Daniel Allred > Signed-off-by: Andreas Dannenberg > --- > board/ti/am57xx/board.c | 7 +++++++ > board/ti/dra7xx/evm.c | 7 +++++++ > include/configs/ti_omap5_common.h | 4 ++++ > 3 files changed, 18 insertions(+) > > diff --git a/board/ti/am57xx/board.c b/board/ti/am57xx/board.c > index 08cf14d..a9635c2 100644 > --- a/board/ti/am57xx/board.c > +++ b/board/ti/am57xx/board.c > @@ -750,3 +750,10 @@ int board_fit_config_name_match(const char *name) > return -1; > } > #endif > + > +#ifdef CONFIG_SECURE_BOOT > +void board_fit_image_post_process(void **p_image, size_t *p_size) > +{ > + secure_boot_verify_image(p_image, p_size); > +} > +#endif > diff --git a/board/ti/dra7xx/evm.c b/board/ti/dra7xx/evm.c > index 3fbbc9b..03eefb6 100644 > --- a/board/ti/dra7xx/evm.c > +++ b/board/ti/dra7xx/evm.c > @@ -739,3 +739,10 @@ int board_fit_config_name_match(const char *name) > return -1; > } > #endif > + > +#ifdef CONFIG_SECURE_BOOT > +void board_fit_image_post_process(void **p_image, size_t *p_size) > +{ > + secure_boot_verify_image(p_image, p_size); > +} > +#endif > diff --git a/include/configs/ti_omap5_common.h b/include/configs/ti_omap5_common.h > index 2e4c8e9..9db6da2 100644 > --- a/include/configs/ti_omap5_common.h > +++ b/include/configs/ti_omap5_common.h > @@ -138,6 +138,10 @@ > * print some information. > */ > #ifdef CONFIG_TI_SECURE_DEVICE > + > +/* Always enforce for secure devices */ > +#define CONFIG_SECURE_BOOT Can you make this a Kconfig option? You are enabling it for GP devices as well. What happens in GP devices? Thanks and regards, Lokesh > + > /* > * For memory booting on HS parts, the first 4KB of the internal RAM is > * reserved for secure world use and the flash loader image is >