From: Madan Srinivas madans@ti.com
Modify the SPL build procedure for AM437x high-security (HS) device variants to create a secure u-boot_HS.img FIT blob that contains U-Boot and DTB artifacts signed (and optionally encrypted) with a TI-specific process based on the CONFIG_TI_SECURE_DEVICE config option and the externally-provided image signing tool.
Also populate the corresponding FIT image post processing call to be performed during SPL runtime.
Signed-off-by: Madan Srinivas madans@ti.com Signed-off-by: Andreas Dannenberg dannenberg@ti.com --- arch/arm/cpu/armv7/am33xx/config.mk | 1 + board/ti/am43xx/board.c | 7 +++++++ 2 files changed, 8 insertions(+)
diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk index 6d95d32..ab94708 100644 --- a/arch/arm/cpu/armv7/am33xx/config.mk +++ b/arch/arm/cpu/armv7/am33xx/config.mk @@ -26,6 +26,7 @@ endif else ifeq ($(CONFIG_TI_SECURE_DEVICE),y) ALL-$(CONFIG_QSPI_BOOT) += u-boot_HS_XIP_X-LOADER +ALL-y += u-boot_HS.img endif ALL-y += u-boot.img endif diff --git a/board/ti/am43xx/board.c b/board/ti/am43xx/board.c index f005762..fc0b38b 100644 --- a/board/ti/am43xx/board.c +++ b/board/ti/am43xx/board.c @@ -862,3 +862,10 @@ int board_fit_config_name_match(const char *name) return -1; } #endif + +#ifdef CONFIG_TI_SECURE_DEVICE +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + secure_boot_verify_image(p_image, p_size); +} +#endif