On Thursday 01 September 2016 10:34 AM, Madan Srinivas wrote: > This series adds support for secure keystone family of devices, more > specifically for K2E (Edison).This work is similar to what has already > been done for the AM43xx and AM57xx SoCs and leverages much of the > infrastructure from them. > > The big difference here is the ROM on keystone2 devices does not provide > any APIs for image authentication. Rather, the image authentication and > decryption routines and other security functions are provided by > software and can run on the ARM in Trustzone as well as on secure DSPs. > > A component known as the boot monitor acts as they gateway to this secure > processing, and abstracts out the details from the public world. Unlike > OMAP class devices, where u-boot calls ROM APIs, u-boot calls into the boot- > monitor on keystone devices. > > Other than this difference, most of the secure framework for AMxx and > DRAxx devices have been re-used. > > Couple of other points to note :- > > -Support for SPL on secure keystone devices is still TBD, > so boot from SPI flash, which needs SPL, is not supported currently > on K2 devices. > > -A single image will work across all other boot media for secure K2 > devices.
Overall looks good to me. What happened to the early abort seen on H2 HS devices. How are you handling it? Thanks and regards, Lokesh > > Changes in v2: > - Corrects typo in commit message for PATCH 1/7 in this series > - The following changes are made to mon.c based on review comments > Adds NULL pointer check before calling authentication interface > Removes an unnecessary printf > Updates size of signed FIT blob after post processing removes header > - Adds a new name for the signed output image in config_secure.mk > to keep it in line with the image name used by non-secure keystone > devices. > - Changes the target for secure keystone devices in config.mk > to u-boot_HS_MLO to keep it in line with the MLO target that > is built for non-secure keystone devices. > - Updates k2e_hs_evm_defconfig to reduce the delta seen if one > regenerates it using savedefconfig or similar tools. > > Madan Srinivas (4): > include: image.h: Fixes build warning with > CONFIG_FIT_IMAGE_POST_PROCESS > arm: omap-common: adds secure image name common to OMAP and keystone > arm: mach-keystone: config.mk: Adds support for secure images on K2 > doc: Updates info on using keystone secure devices from TI > > Vitaly Andrianov (3): > arm: mach-keystone: Implements FIT post-processing call for keystone > SoCs > arm: omap-common: Enable support for K2 HS devices in u-boot > configs: Adds a defconfig for K2E High Security EVM > > arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- > arch/arm/cpu/armv7/omap-common/config_secure.mk | 6 +++ > arch/arm/mach-keystone/config.mk | 6 +++ > arch/arm/mach-keystone/mon.c | 55 > +++++++++++++++++++++++++ > configs/k2e_hs_evm_defconfig | 43 +++++++++++++++++++ > doc/README.ti-secure | 20 +++++++++ > include/image.h | 3 +- > 7 files changed, 133 insertions(+), 2 deletions(-) > create mode 100644 configs/k2e_hs_evm_defconfig > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot