18 Jan
2017
18 Jan
'17
5:58 p.m.
On 11.01.2017 16:01, Mario Six wrote:
The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in mkimage
- Commands capable of writing the board's efuses to both write the needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau reinhard.pfau@gdsys.cc Signed-off-by: Mario Six mario.six@gdsys.cc
Changes in v2:
- Added help text for MVEBU_EFUSE
- Removed superfluous defined(CONFIG_MVEBU_EFUSE) from arch/arm/mach-mvebu/Makefile
- Rewrote disable_efuse_program to use clrbits_le32
- Remove superfluous blank lines from arch/arm/mach-mvebu/include/mach/efuse.h
Thanks Mario for the nice and extensive documentation that you have added in this patch version. Really appreciated. I only skimmed though the patch and will re-test building for some other AXP / A38x board once I apply this patch series for upstreaming - perhaps next week. For now:
Reviewed-by: Stefan Roese sr@denx.de
Thanks, Stefan