On Mon, Jul 17, 2017 at 12:59:15PM -0500, Andrew F. Davis wrote: > From: Madan Srinivas <mad...@ti.com> > > On early K2 devices (eg. K2HK) the secure ROM code does not support > loading secure code to firewall protected memory, before decrypting, > authenticating and executing it. > > To load the boot monitor on these devices, it is necessary to first > authenticate and run a copy loop from non-secure memory that copies > the boot monitor behind firewall protected memory, before decrypting > and executing it. > > On K2G, the secure ROM does not allow secure code executing from > unprotected memory. Further, ROM first copies the signed and encrypted > image into firewall protected memory, then decrypts, authenticates > and executes it. > > As a result of this, we cannot use the copy loop for K2G. The > mon_install has to be modified to pass the address the signed and > encrypted secure boot monitor image to the authentication API. > > For backward compatibility with other K2 devices and K2G GP, > the mon_install API still supports a single argument. In this case > the second argument is set to 0 by u-boot and is ignored by ROM > > Signed-off-by: Thanh Tran <thanh-t...@ti.com> > Signed-off-by: Madan Srinivas <mad...@ti.com> > Reviewed-by: Tom Rini <tr...@konsulko.com>
Applied to u-boot/master, thanks! -- Tom
signature.asc
Description: Digital signature
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
