[U-Boot] [PATCH 0/3] Enable post-processing of FIT artifacts on HS boards
Hello all,
With eba3fbd6a12b ("common: image: Add support for post-processing of images") we can now post-process FIT artifacts in U-Boot proper just like we do in SPL. This allows us to continue the chain-of-trust into the next stages of the boot process after U-Boot. This series enables this in the defconfig for supported HS devices.
Thanks, Andrew
Andreas Dannenberg (3): ARM: AM43xx: Enable post-processing of FIT artifacts loaded by U-Boot ARM: DRA7xx: Enable post-processing of FIT artifacts loaded by U-Boot ARM: AM57xx: Enable post-processing of FIT artifacts loaded by U-Boot
configs/am43xx_hs_evm_defconfig | 1 + configs/am57xx_hs_evm_defconfig | 1 + configs/dra7xx_hs_evm_defconfig | 1 + 3 files changed, 3 insertions(+)
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI AM43xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- configs/am43xx_hs_evm_defconfig | 1 + 1 file changed, 1 insertion(+)
diff --git a/configs/am43xx_hs_evm_defconfig b/configs/am43xx_hs_evm_defconfig index 1553196..55ae2fd 100644 --- a/configs/am43xx_hs_evm_defconfig +++ b/configs/am43xx_hs_evm_defconfig @@ -14,6 +14,7 @@ CONFIG_FIT=y CONFIG_SYS_EXTRA_OPTIONS="CONS_INDEX=1, NAND" CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +CONFIG_FIT_IMAGE_POST_PROCESS=y CONFIG_HUSH_PARSER=y CONFIG_CMD_BOOTZ=y # CONFIG_CMD_IMLS is not set
On Thursday 25 August 2016 01:02 AM, Andrew F. Davis wrote:
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI AM43xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Lokesh Vutla lokeshvutla@ti.com
Thanks and regards, Lokesh
configs/am43xx_hs_evm_defconfig | 1 + 1 file changed, 1 insertion(+)
diff --git a/configs/am43xx_hs_evm_defconfig b/configs/am43xx_hs_evm_defconfig index 1553196..55ae2fd 100644 --- a/configs/am43xx_hs_evm_defconfig +++ b/configs/am43xx_hs_evm_defconfig @@ -14,6 +14,7 @@ CONFIG_FIT=y CONFIG_SYS_EXTRA_OPTIONS="CONS_INDEX=1, NAND" CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +CONFIG_FIT_IMAGE_POST_PROCESS=y CONFIG_HUSH_PARSER=y CONFIG_CMD_BOOTZ=y # CONFIG_CMD_IMLS is not set
On Wed, Aug 24, 2016 at 02:32:16PM -0500, Andrew F. Davis wrote:
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI AM43xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
On Wed, Aug 24, 2016 at 02:32:16PM -0500, Andrew F. Davis wrote:
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI AM43xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Lokesh Vutla lokeshvutla@ti.com Reviewed-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI DRA7xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- configs/dra7xx_hs_evm_defconfig | 1 + 1 file changed, 1 insertion(+)
diff --git a/configs/dra7xx_hs_evm_defconfig b/configs/dra7xx_hs_evm_defconfig index ae08e6d..d6e4e07 100644 --- a/configs/dra7xx_hs_evm_defconfig +++ b/configs/dra7xx_hs_evm_defconfig @@ -65,3 +65,4 @@ CONFIG_PCF8575_GPIO=y CONFIG_DM_REGULATOR=y CONFIG_DM_REGULATOR_FIXED=y CONFIG_CMD_REGULATOR=y +CONFIG_FIT_IMAGE_POST_PROCESS=y
On Thursday 25 August 2016 01:02 AM, Andrew F. Davis wrote:
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI DRA7xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Lokesh Vutla lokeshvutla@ti.com
Thanks and regards, Lokesh
configs/dra7xx_hs_evm_defconfig | 1 + 1 file changed, 1 insertion(+)
diff --git a/configs/dra7xx_hs_evm_defconfig b/configs/dra7xx_hs_evm_defconfig index ae08e6d..d6e4e07 100644 --- a/configs/dra7xx_hs_evm_defconfig +++ b/configs/dra7xx_hs_evm_defconfig @@ -65,3 +65,4 @@ CONFIG_PCF8575_GPIO=y CONFIG_DM_REGULATOR=y CONFIG_DM_REGULATOR_FIXED=y CONFIG_CMD_REGULATOR=y +CONFIG_FIT_IMAGE_POST_PROCESS=y
On Wed, Aug 24, 2016 at 02:32:17PM -0500, Andrew F. Davis wrote:
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI DRA7xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
On Wed, Aug 24, 2016 at 02:32:17PM -0500, Andrew F. Davis wrote:
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI DRA7xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Lokesh Vutla lokeshvutla@ti.com Reviewed-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI AM57xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- configs/am57xx_hs_evm_defconfig | 1 + 1 file changed, 1 insertion(+)
diff --git a/configs/am57xx_hs_evm_defconfig b/configs/am57xx_hs_evm_defconfig index a4bfdd5..afd37d4 100644 --- a/configs/am57xx_hs_evm_defconfig +++ b/configs/am57xx_hs_evm_defconfig @@ -41,6 +41,7 @@ CONFIG_FIT=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +CONFIG_FIT_IMAGE_POST_PROCESS=y CONFIG_OF_LIST="am57xx-beagle-x15" CONFIG_DM_I2C=y CONFIG_DM_SPI=y
On Thursday 25 August 2016 01:02 AM, Andrew F. Davis wrote:
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI AM57xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Lokesh Vutla lokeshvutla@ti.com
Thanks and regards, Lokesh
configs/am57xx_hs_evm_defconfig | 1 + 1 file changed, 1 insertion(+)
diff --git a/configs/am57xx_hs_evm_defconfig b/configs/am57xx_hs_evm_defconfig index a4bfdd5..afd37d4 100644 --- a/configs/am57xx_hs_evm_defconfig +++ b/configs/am57xx_hs_evm_defconfig @@ -41,6 +41,7 @@ CONFIG_FIT=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +CONFIG_FIT_IMAGE_POST_PROCESS=y CONFIG_OF_LIST="am57xx-beagle-x15" CONFIG_DM_I2C=y CONFIG_DM_SPI=y
On Wed, Aug 24, 2016 at 02:32:18PM -0500, Andrew F. Davis wrote:
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI AM57xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
On Wed, Aug 24, 2016 at 02:32:18PM -0500, Andrew F. Davis wrote:
From: Andreas Dannenberg dannenberg@ti.com
Enable the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI AM57xx high-security (HS) devices which will ultimately invoke a ROM-based API call that performs secure processing such as blob authentication.
Signed-off-by: Andreas Dannenberg dannenberg@ti.com Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Lokesh Vutla lokeshvutla@ti.com Reviewed-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!
participants (3)
-
Andrew F. Davis -
Lokesh Vutla -
Tom Rini