On Mon, Jun 27, 2016 at 09:19:15AM -0500, Andreas Dannenberg wrote:
This is an updated version of a patch series that introduces a generic way to optionally post-process blobs as they get extracted by the SPL from the u-boot.img FIT image, and uses this scheme to perform some authentication/ decryption related processing on TI's high-secure (HS) SoC variants. For additional background please see here [1].
I just wanted to point out that this now-accepted patch series in by itself is not a 100% complete solution to address all needs of secure boot. Specifically, the extensions made rely on loading U-Boot as a FIT image (CONFIG_SPL_LOAD_FIT) but do not prevent the loading of a legacy non-FIT U-Boot image. This is something that will need to get addressed in a follow-on patch.
Regards, Andreas
[1] http://lists.denx.de/pipermail/u-boot/2016-June/258716.html