Hi York,

> -----Original Message-----
> From: Sun York-R58495
> Sent: Tuesday, March 10, 2015 9:45 PM
> To: Rana Gaurav-B46163; u-boot@lists.denx.de
> Cc: Wood Scott-B07421; Gupta Ruchika-R66431; Bansal Aneesh-B39320
> Subject: Re: [PATCH] Add bootscript support to esbc_validate.
> 
> 
> 
> On 03/10/2015 01:38 AM, Gaurav Rana wrote:
> > 1. Default environment will be used for secure boot flow which can't
> > be edited or saved.
> > 2. Command for secure boot is predefined in the default environment
> > which will run on autoboot (and autoboot is the only option allowed
> > in case of secure boot) and it looks like this:
> >  #define CONFIG_SECBOOT \
> >  "setenv bs_hdraddr 0xe8e00000;"                 \
> >  "esbc_validate $bs_hdraddr;"                    \
> >  "source $img_addr;"                             \
> >  "esbc_halt;"
> >  #endif
> > 3. Boot Script can contain esbc_validate commands and bootm command.
> > U-Boot source command used in default secure boot command will run
> > the bootscript.
> > 4. Command esbc_halt added to ensure either bootm executes after
> > validation of images or core should just spin.
> >
> What's the purpose of "esbc_halt"? Once it enters the spin, how to get it
> out?
The purpose of the bootscript is to validate the next-level images and then pass
control to them, so the bootscript must contain a bootm command. We don't expect
control to return to U-Boot. Hence a command esbc_halt is introduced which
would make the core spin and not provide a U-Boot prompt in case the bootscript
doesn't pass control to the next-level image.
For a secure chain of trust, only a validated bootscript should be allowed to
execute and be responsible for passing control to the next-level image.

Ruchika
> 
> York
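The flow discussed above (default-environment secure boot command, validated bootscript, bootm hand-off, esbc_halt as the fall-through) modelled as an added Python example; this is not U-Boot code and not part of the patch. It assumes a constructed memory map and replaces the RSA/ESBC-header check of the real esbc_validate with an HMAC over the image, and it assumes, as the page's command sequence implies, that a successful esbc_validate leaves the validated address in the img_addr variable. It shows why esbc_halt matters: a bootscript that validates but never calls bootm ends in a halt, never at a prompt, and a tampered image is refused before control is handed over.

```python
import hashlib
import hmac

# Constructed stand-in for the device-bound root key. The real esbc_validate
# checks an RSA signature in the ESBC header against a key whose hash is fused
# into the SoC; HMAC-SHA256 over the image is used here only to model that check.
ROOT_KEY = b"constructed-root-key"


class Halted(Exception):
    """esbc_halt reached: the core spins and no U-Boot prompt appears."""


class BootHandoff(Exception):
    """bootm transferred control to a validated next-level image."""
    def __init__(self, addr):
        self.addr = addr


def sign(image: bytes) -> bytes:
    return hmac.new(ROOT_KEY, image, hashlib.sha256).digest()


def build_memory(bootscript: bytes, kernel: bytes, tamper_kernel: bool = False):
    """Constructed memory map {addr: (image, signature)}; addresses are made up."""
    kernel_sig = sign(kernel)
    if tamper_kernel:
        kernel = kernel + b"X"  # modified after signing
    return {
        0xE8E00000: (bootscript, sign(bootscript)),  # bs_hdraddr from the page
        0xE8F00000: (kernel, kernel_sig),            # hypothetical kernel header
    }


class SecureBootCpu:
    def __init__(self, memory):
        self.memory = memory
        self.env = {}            # default env; setenv here never persists
        self.validated = set()   # addresses that passed esbc_validate

    def expand(self, tok):
        return self.env[tok[1:]] if tok.startswith("$") else tok

    def esbc_validate(self, addr):
        image, sig = self.memory[addr]
        if not hmac.compare_digest(sign(image), sig):
            self.esbc_halt()     # failed validation: never fall through to a prompt
        self.validated.add(addr)
        self.env["img_addr"] = hex(addr)  # assumed: validated address exported

    def source(self, addr):
        if addr not in self.validated:
            raise PermissionError("refusing to run an unvalidated bootscript")
        for line in self.memory[addr][0].decode().splitlines():
            self.run(line)

    def bootm(self, addr):
        if addr not in self.validated:
            raise PermissionError("refusing to boot an unvalidated image")
        raise BootHandoff(addr)

    def esbc_halt(self):
        raise Halted()

    def run(self, cmd):
        parts = cmd.strip().rstrip(";").split()
        if not parts:
            return
        name, args = parts[0], [self.expand(a) for a in parts[1:]]
        if name == "setenv":
            self.env[args[0]] = args[1]
        elif name == "esbc_validate":
            self.esbc_validate(int(args[0], 16))
        elif name == "source":
            self.source(int(args[0], 16))
        elif name == "bootm":
            self.bootm(int(args[0], 16))
        elif name == "esbc_halt":
            self.esbc_halt()
        else:
            raise ValueError(f"unknown command {name}")


def autoboot(memory):
    """Run the CONFIG_SECBOOT sequence from the page; return the end state."""
    cpu = SecureBootCpu(memory)
    secboot = ("setenv bs_hdraddr 0xe8e00000;"
               "esbc_validate $bs_hdraddr;"
               "source $img_addr;"
               "esbc_halt;")
    try:
        for cmd in secboot.split(";"):
            cpu.run(cmd)
    except BootHandoff as h:
        return ("boot", hex(h.addr))
    except Halted:
        return ("halt", None)
    return ("prompt", None)  # must be unreachable in the secure flow


if __name__ == "__main__":
    good = b"esbc_validate 0xe8f00000\nbootm 0xe8f00000\n"
    print(autoboot(build_memory(good, b"kernel")))
    print(autoboot(build_memory(b"esbc_validate 0xe8f00000\n", b"kernel")))
    print(autoboot(build_memory(good, b"kernel", tamper_kernel=True)))
```

The three runs in the usage block end in boot, halt and halt respectively: only a validated bootscript that itself validates and then bootm's an image hands control over; any other outcome of the chain, including a script that simply returns, lands in esbc_halt rather than at an interactive prompt.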

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
