On Thursday 16 June 2016 12:56 AM, Andreas Dannenberg wrote:
From: Daniel Allred d-allred@ti.com
Adds a board specific FIT image post processing function for when CONFIG_SECURE_BOOT is defined. Also update the omap common config header to enable CONFIG_SECURE_BOOT always for secure TI devices (CONFIG_TI_SECURE_DEVICE is defined).
Signed-off-by: Daniel Allred d-allred@ti.com Signed-off-by: Andreas Dannenberg dannenberg@ti.com
board/ti/am57xx/board.c | 7 +++++++ board/ti/dra7xx/evm.c | 7 +++++++ include/configs/ti_omap5_common.h | 4 ++++ 3 files changed, 18 insertions(+)
diff --git a/board/ti/am57xx/board.c b/board/ti/am57xx/board.c index 08cf14d..a9635c2 100644 --- a/board/ti/am57xx/board.c +++ b/board/ti/am57xx/board.c @@ -750,3 +750,10 @@ int board_fit_config_name_match(const char *name) return -1; } #endif
+#ifdef CONFIG_SECURE_BOOT +void board_fit_image_post_process(void **p_image, size_t *p_size) +{
- secure_boot_verify_image(p_image, p_size);
+} +#endif diff --git a/board/ti/dra7xx/evm.c b/board/ti/dra7xx/evm.c index 3fbbc9b..03eefb6 100644 --- a/board/ti/dra7xx/evm.c +++ b/board/ti/dra7xx/evm.c @@ -739,3 +739,10 @@ int board_fit_config_name_match(const char *name) return -1; } #endif
+#ifdef CONFIG_SECURE_BOOT +void board_fit_image_post_process(void **p_image, size_t *p_size) +{
- secure_boot_verify_image(p_image, p_size);
+} +#endif diff --git a/include/configs/ti_omap5_common.h b/include/configs/ti_omap5_common.h index 2e4c8e9..9db6da2 100644 --- a/include/configs/ti_omap5_common.h +++ b/include/configs/ti_omap5_common.h @@ -138,6 +138,10 @@
- print some information.
*/ #ifdef CONFIG_TI_SECURE_DEVICE
+/* Always enforce for secure devices */ +#define CONFIG_SECURE_BOOT
Can you make this a Kconfig option?
You are enabling it for GP devices as well. What happens in GP devices?
Thanks and regards, Lokesh
/*
- For memory booting on HS parts, the first 4KB of the internal RAM is
- reserved for secure world use and the flash loader image is