On 02/09/2017 02:08 AM, Udit Agarwal wrote:
For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature.
For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands.
Following are the steps describing usage of this feature:
- Verify IE Table in ISBC phase using keys stored in fuses.
- Install IE table. (To be used across verification of multiple images stored in a static global structure.)
- Use keys from IE table, to verify further images.
Signed-off-by: Aneesh Bansal aneesh.bansal@nxp.com Signed-off-by: Saksham Jain saksham.jain@nxp.com Signed-off-by: Udit Agarwal udit.agarwal@nxp.com
Changes for V2 Adds more clarity in subject and description related to this feature.
Minor reformat commit message (some lines are too long). Applied to fsl-qoriq master, awaiting upstream. Thanks.
York