This is an updated version of a patch series that introduces a generic way to optionally post-process blobs as they get extracted by the SPL from the u-boot.img FIT image, and uses this scheme to perform some authentication/ decryption related processing on TI's high-secure (HS) SoC variants. For additional background please see here [1].
Despite there being a few changes (see below) based on previous feedback (thanks!) I did carry forward most of the Reviewed-by: tags as I felt the fundamental approach and most if not all of the building blocks pretty much stayed intact, I hope that's okay. I've also completely re-rested the series on all applicable HS devices and checked for any build issues as well as runtime issues without findings. Changes PATCH->PATCH v2: - Added some glue code to suppress SPL "Authentication passed" log messages in case of UART/Y-Modem boot (thanks Lokesh) - Dropped the .NOTPARALLEL make hack when building the 'dtbs' target. Now, we rely on Yamada-san's patch [2] that fixes this on a more global scale - Fixed some typos (thanks Yamada-san) - Turned the __weak function call for inserting a post-processing function into a Kconfig option (thanks Simon). Also enabled that Kconfig option on applicable AM43xx HS, AM57xx HS, DRA7xx HS, and DRA72xx HS device variants defconfig files (note there is a dependency on [3] which renames the AM437x HS defconfig file) - Introduced a new header file omap_sec_common.h for commom security API as using omap_common.h as done previously led to issues trying to use this file on AM43xx type devices. This device family (and AM335x as well) is not supported by omap_common.h, and trying to include this file into AM43xx board files leads to all kinds of issues (the registers and definitions are simply not compatible) - Re-ordered the series so that the Kconfig option is introduced after all of the building blocks have been put into place (generic infrastructure and the TI-specific implementation). - Minor readme update to account for the new Kconfig option Changes RFC->PATCH: - Update of README.ti-secure - Unification of some of the secure ROM API call stuff between AM43xx and OMAP5-based platforms by moving those into common files - Replacement of puts() with printf() - Minor build simplification/cleanup - Addition of "Reviewed-by:" comments for files that were pretty much carried over from the RFC as-is - Addition of AM437x HS device build support (was missing in RFC) - Removal of some redundant conditional compile directives - Rebased on upstream U-Boot commit "Prepare v2016.07-rc2" -- Andreas Dannenberg Texas Instruments Inc [1] http://lists.denx.de/pipermail/u-boot/2016-June/258716.html [2] http://lists.denx.de/pipermail/u-boot/2016-June/258912.html [3] http://lists.denx.de/pipermail/u-boot/2016-June/258896.html Andreas Dannenberg (5): arm: omap-common: add secure rom call API for secure devices arm: omap-common: secure ROM signature verify API arm: omap-common: Update to generate secure U-Boot FIT blob arm: omap5: add U-Boot FIT signing and SPL image post-processing doc: Update info on using secure devices from TI Daniel Allred (3): arm: cache: add missing dummy functions for when dcache disabled arm: omap-common: add secure smc entry spl: fit: add support for post-processing of images Madan Srinivas (1): arm: am4x: add U-Boot FIT signing and SPL image post-processing Kconfig | 4 + arch/arm/cpu/armv7/am33xx/config.mk | 1 + arch/arm/cpu/armv7/cache_v7.c | 8 ++ arch/arm/cpu/armv7/omap-common/Makefile | 2 + arch/arm/cpu/armv7/omap-common/config_secure.mk | 75 ++++++++-- arch/arm/cpu/armv7/omap-common/lowlevel_init.S | 45 ++++-- arch/arm/cpu/armv7/omap-common/sec-common.c | 138 ++++++++++++++++++ arch/arm/cpu/armv7/omap5/config.mk | 3 + arch/arm/include/asm/omap_common.h | 6 + arch/arm/include/asm/omap_sec_common.h | 30 ++++ board/ti/am43xx/board.c | 8 ++ board/ti/am57xx/board.c | 8 ++ board/ti/dra7xx/evm.c | 9 ++ common/spl/spl_fit.c | 21 ++- configs/am43xx_hs_evm_defconfig | 1 + configs/am57xx_hs_evm_defconfig | 1 + configs/dra7xx_hs_evm_defconfig | 1 + doc/README.ti-secure | 177 ++++++++++++++++-------- include/image.h | 17 +++ 19 files changed, 473 insertions(+), 82 deletions(-) create mode 100644 arch/arm/cpu/armv7/omap-common/sec-common.c create mode 100644 arch/arm/include/asm/omap_sec_common.h -- 2.6.4 _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
