Hi, On 27 May 2015 at 21:41, <pratapna...@gmail.com> wrote: > Hi Simon, > Thanks for of your time and quick replies. The idea seems > to be good, but still confused with the way to implement it. Please help me > to give a final thought to solve this with the existing framework, sorry for > my inexperience with u-boot, kindly enlighten with the following: > > 1) How to sign the primary and secondary u-boot image with the same key, > after that do i need to write a routine similar to “bootm_find_os” or > “bootm_find_loadables" to find the secondary uboot image and load it into > the memory,
If the first U-Boot is in read-only flash then it cannot be updated, so does not need to be signed. If it is in read-write flash, then you probably can't prevent it being overwritten. You could protect half of the flash, perhaps, and put the read-only U-Boot in the proetced half. Yes you can write a simple routine to load it. > 2) can we have a dummy fit image with only secondary u-boot image within the > .its file for the first u-boot loader I don't understand this sorry. > 3)Sorry to ask you this, do you have any partial code i can follow and > shred some light to carry on further. I don't have anything that reads a read-write U-Boot and jumps to it, other than the Chrome OS code that i think you have. > > > I really thanks you to answer my all questions with patience,i would have > not disturbed you, but because of project dead-line i was forced to be > carried out with the situation. OK. Please try to make the questions clear so that I can understand what you are asking. > > Thanks, > pratap > Regards, Simon > > > > > > > On May 23, 2015, at 2:12 PM, Simon Glass <s...@chromium.org> wrote: > > Hi, > > On 23 May 2015 at 13:02, Maddimsetty Pratap <pratapna...@gmail.com> wrote: > > Hi Simon, > Thanks for you quick reply and sorry for the confusion over > forum,here is my request for help > > 1) Do you know any repository which had already did it > "verify second u-boot signature" over beaglebone. > > > I'm not sure if this was done or not. You could look in cros/amxx here: > > https://chromium.googlesource.com/chromiumos/third_party/u-boot/+/chromeos-v2013.06 > > or a newer version that doesn't currently support beaglebone. > > https://chromium.googlesource.com/chromiumos/third_party/u-boot/+/chromeos-v2015.07-rc1 > > The Chrome OS implementation uses the same crypto but has custom > binary data structures. I'm working a bit on trying to bridge the gap > but we are not there yet. > > So the easiest way to make this work is probably to use the FIT > signature verification and put your second U-Boot into the FIT. That > should handle the verification and then after it loads you can turn > off the cache and jump to it. It already works on Beaglebone and the > only difference is that it is currently set up to load a kernel, but > you want to load U-Boot. > > > 2) Please verify and confirm the following link, if i was going > in the right direction. > > http://git.chromium.org/gitweb/?p=chromiumos/third_party/u-boot.git;a=commit;h=b9e8864294d8f2143ce17b4e0d4ba019b6348199 > > Thanks, > pratap > > > Regards, > Simon > > > Thanks, > pratap > > On Thu, May 21, 2015 at 6:32 PM, Simon Glass <s...@chromium.org> wrote: > > > Hi, > > It's here: > > https://chromium.googlesource.com/chromiumos/third_party/u-boot > > in branch chromeos-v2013.06. It is implemented for chromeos_peach. > > If you have further questions, please send them to the U-Boot mailing list > and cc me. > > Regards, > Simon > > > On 21 May 2015 at 17:25, Maddimsetty Pratap <pratapna...@gmail.com> wrote: > > > Hi Simon, > I am apologize to e-mail you directly. In one of your > presentations regarding FIT, you had stated uboot loading a signed secondary > uboot loader in chromium. I would be glad if you provide me with any > reference regarding the same. > > > Here is the statement from LWN.net. > > > "Chrome OS starts up U-Boot, loads and verifies a second U-Boot, loads > and verifies a kernel and jumps to it all in under 700ms on a modern SoC" > > Thanks, > pratap > > > > > > > > > > > -- > pratap naidu > > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
