From mboxrd@z Thu Jan 1 00:00:00 1970
From: Srinivas, Madan
Date: Fri, 2 Sep 2016 12:48:56 -0400
Subject: [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E)
In-Reply-To:
References: <1472706282-6772-1-git-send-email-madans@ti.com>
Message-ID: <57C9AD78.5010901@ti.com>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On 9/2/2016 12:25 AM, Lokesh Vutla wrote:
>
>
> On Thursday 01 September 2016 10:34 AM, Madan Srinivas wrote:
>> This series adds support for secure keystone family of devices, more
>> specifically for K2E (Edison). This work is similar to what has already
>> been done for the AM43xx and AM57xx SoCs and leverages much of the
>> infrastructure from them.
>>
>> The big difference here is the ROM on keystone2 devices does not provide
>> any APIs for image authentication. Rather, the image authentication and
>> decryption routines and other security functions are provided by
>> software and can run on the ARM in Trustzone as well as on secure DSPs.
>>
>> A component known as the boot monitor acts as the gateway to this secure
>> processing, and abstracts out the details from the public world. Unlike
>> OMAP class devices, where u-boot calls ROM APIs, u-boot calls into the boot-
>> monitor on keystone devices.
>>
>> Other than this difference, most of the secure framework for AMxx and
>> DRAxx devices have been re-used.
>>
>> Couple of other points to note :-
>>
>> -Support for SPL on secure keystone devices is still TBD,
>> so boot from SPI flash, which needs SPL, is not supported currently
>> on K2 devices.
>>
>> -A single image will work across all other boot media for secure K2
>> devices.
>
> Overall looks good to me. What happened to the early abort seen on H2 HS
> devices. How are you handling it?
>
> Thanks and regards,
> Lokesh
>

The early abort is being handled in the boot monitor code.
When the abort handler is implemented in u-boot, we can remove it from
the boot monitor.

Regards,
Madan

>>
>> Changes in v2:
>> - Corrects typo in commit message for PATCH 1/7 in this series
>> - The following changes are made to mon.c based on review comments
>>     Adds NULL pointer check before calling authentication interface
>>     Removes an unnecessary printf
>>     Updates size of signed FIT blob after post processing removes header
>> - Adds a new name for the signed output image in config_secure.mk
>>   to keep it in line with the image name used by non-secure keystone
>>   devices.
>> - Changes the target for secure keystone devices in config.mk
>>   to u-boot_HS_MLO to keep it in line with the MLO target that
>>   is built for non-secure keystone devices.
>> - Updates k2e_hs_evm_defconfig to reduce the delta seen if one
>>   regenerates it using savedefconfig or similar tools.
>>
>> Madan Srinivas (4):
>>   include: image.h: Fixes build warning with
>>     CONFIG_FIT_IMAGE_POST_PROCESS
>>   arm: omap-common: adds secure image name common to OMAP and keystone
>>   arm: mach-keystone: config.mk: Adds support for secure images on K2
>>   doc: Updates info on using keystone secure devices from TI
>>
>> Vitaly Andrianov (3):
>>   arm: mach-keystone: Implements FIT post-processing call for keystone
>>     SoCs
>>   arm: omap-common: Enable support for K2 HS devices in u-boot
>>   configs: Adds a defconfig for K2E High Security EVM
>>
>>  arch/arm/cpu/armv7/omap-common/Kconfig          |  2 +-
>>  arch/arm/cpu/armv7/omap-common/config_secure.mk |  6 +++
>>  arch/arm/mach-keystone/config.mk                |  6 +++
>>  arch/arm/mach-keystone/mon.c                    | 55 +++++++++++++++++++++++++
>>  configs/k2e_hs_evm_defconfig                    | 43 +++++++++++++++++++
>>  doc/README.ti-secure                            | 20 +++++++++
>>  include/image.h                                 |  3 +-
>>  7 files changed, 133 insertions(+), 2 deletions(-)
>>  create mode 100644 configs/k2e_hs_evm_defconfig
>>