[U-Boot] [U-Boot PATCH 0/2] Adds support for secure boot on TCI6630K2L HS devices
This series adds support for the secure Lammar (K2L) SoC.
It defines a new defconfig file for K2L HS, based on the GP K2L defconfig and updates the u-boot default env variables to install the secure boot-monitor on startup.
Madan Srinivas (2): configs: k2l: Updates u-boot env to install secure boot monitor defconfig: k2l_hs_evm: Add k2l_hs_evm_defconfig
configs/k2l_hs_evm_defconfig | 43 +++++++++++++++++++++++++++++++++++++++++++ include/configs/k2l_evm.h | 9 +++++++++ 2 files changed, 52 insertions(+) create mode 100644 configs/k2l_hs_evm_defconfig
This patch updates the default u-boot env for K2L HS devices to install the secure boot monitor and load the fitImage during boot.
Signed-off-by: Madan Srinivas madans@ti.com
---
include/configs/k2l_evm.h | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/include/configs/k2l_evm.h b/include/configs/k2l_evm.h index d8bcbde..87639df 100644 --- a/include/configs/k2l_evm.h +++ b/include/configs/k2l_evm.h @@ -15,9 +15,18 @@ /* Platform type */ #define CONFIG_SOC_K2L
+#ifdef CONFIG_TI_SECURE_DEVICE +#define DEFAULT_SEC_BOOT_ENV \ + DEFAULT_FIT_TI_ARGS \ + "findfdt=setenv fdtfile ${name_fdt}\0" +#else +#define DEFAULT_SEC_BOOT_ENV +#endif + /* U-Boot general configuration */ #define CONFIG_EXTRA_ENV_KS2_BOARD_SETTINGS \ DEFAULT_FW_INITRAMFS_BOOT_ENV \ + DEFAULT_SEC_BOOT_ENV \ "boot=ubi\0" \ "args_ubi=setenv bootargs ${bootargs} rootfstype=ubifs " \ "root=ubi0:rootfs rootflags=sync rw ubi.mtd=ubifs,4096\0" \
+Tom
On Friday 16 February 2018 11:22 PM, Madan Srinivas wrote:
This patch updates the default u-boot env for K2L HS devices to install the secure boot monitor and load the fitImage during boot.
Signed-off-by: Madan Srinivas madans@ti.com
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com?
Thanks and regards, Lokesh
include/configs/k2l_evm.h | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/include/configs/k2l_evm.h b/include/configs/k2l_evm.h index d8bcbde..87639df 100644 --- a/include/configs/k2l_evm.h +++ b/include/configs/k2l_evm.h @@ -15,9 +15,18 @@ /* Platform type */ #define CONFIG_SOC_K2L
+#ifdef CONFIG_TI_SECURE_DEVICE +#define DEFAULT_SEC_BOOT_ENV \
- DEFAULT_FIT_TI_ARGS \
- "findfdt=setenv fdtfile ${name_fdt}\0"
+#else +#define DEFAULT_SEC_BOOT_ENV +#endif
/* U-Boot general configuration */ #define CONFIG_EXTRA_ENV_KS2_BOARD_SETTINGS \ DEFAULT_FW_INITRAMFS_BOOT_ENV \
- DEFAULT_SEC_BOOT_ENV \ "boot=ubi\0" \ "args_ubi=setenv bootargs ${bootargs} rootfstype=ubifs " \ "root=ubi0:rootfs rootflags=sync rw ubi.mtd=ubifs,4096\0" \
Adds a dedicated defconfig to build TI K2L secure devices. Created from the k2l_evm_defconfig and removes support for SPL, as SPL is not supported on K2 HS devices. Corrects SYS_TEXT_BASE for HS devices.
Also adds TI_SECURE_DEVICE and FIT_IMAGE_POST_PROCESS to include support for secure image creation and authentication
Signed-off-by: Madan Srinivas madans@ti.com ---
configs/k2l_hs_evm_defconfig | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 configs/k2l_hs_evm_defconfig
diff --git a/configs/k2l_hs_evm_defconfig b/configs/k2l_hs_evm_defconfig new file mode 100644 index 0000000..cc002d3 --- /dev/null +++ b/configs/k2l_hs_evm_defconfig @@ -0,0 +1,43 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_SYS_TEXT_BASE=0xC000060 +CONFIG_TI_COMMON_CMD_OPTIONS=y +CONFIG_TARGET_K2L_EVM=y +CONFIG_DEFAULT_DEVICE_TREE="keystone-k2l-evm" +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_VERSION_VARIABLE=y +CONFIG_BOARD_EARLY_INIT_F=y +CONFIG_HUSH_PARSER=y +# CONFIG_CMD_FLASH is not set +# CONFIG_CMD_GPIO is not set +# CONFIG_CMD_GPT is not set +# CONFIG_CMD_MMC is not set +CONFIG_CMD_NAND=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_MTDIDS_DEFAULT="nand0=davinci_nand.0" +CONFIG_MTDPARTS_DEFAULT="mtdparts=davinci_nand.0:1024k(bootloader)ro,512k(params)ro,-(ubifs)" +CONFIG_CMD_UBI=y +CONFIG_ISO_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_ENV_IS_IN_NAND=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +# CONFIG_MMC is not set +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_PHYLIB=y +CONFIG_DM_ETH=y +CONFIG_DM_SERIAL=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_DAVINCI_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y
+Tom
On Friday 16 February 2018 11:22 PM, Madan Srinivas wrote:
Adds a dedicated defconfig to build TI K2L secure devices. Created from the k2l_evm_defconfig and removes support for SPL, as SPL is not supported on K2 HS devices. Corrects SYS_TEXT_BASE for HS devices.
Also adds TI_SECURE_DEVICE and FIT_IMAGE_POST_PROCESS to include support for secure image creation and authentication
Signed-off-by: Madan Srinivas madans@ti.com
Reviewed-by: Lokesh Vutla lokeshvutla@ti.com
Thanks and regards, Lokesh
configs/k2l_hs_evm_defconfig | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 configs/k2l_hs_evm_defconfig
diff --git a/configs/k2l_hs_evm_defconfig b/configs/k2l_hs_evm_defconfig new file mode 100644 index 0000000..cc002d3 --- /dev/null +++ b/configs/k2l_hs_evm_defconfig @@ -0,0 +1,43 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_SYS_TEXT_BASE=0xC000060 +CONFIG_TI_COMMON_CMD_OPTIONS=y +CONFIG_TARGET_K2L_EVM=y +CONFIG_DEFAULT_DEVICE_TREE="keystone-k2l-evm" +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_VERSION_VARIABLE=y +CONFIG_BOARD_EARLY_INIT_F=y +CONFIG_HUSH_PARSER=y +# CONFIG_CMD_FLASH is not set +# CONFIG_CMD_GPIO is not set +# CONFIG_CMD_GPT is not set +# CONFIG_CMD_MMC is not set +CONFIG_CMD_NAND=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_MTDIDS_DEFAULT="nand0=davinci_nand.0" +CONFIG_MTDPARTS_DEFAULT="mtdparts=davinci_nand.0:1024k(bootloader)ro,512k(params)ro,-(ubifs)" +CONFIG_CMD_UBI=y +CONFIG_ISO_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_OF_CONTROL=y +CONFIG_ENV_IS_IN_NAND=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +# CONFIG_MMC is not set +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_PHYLIB=y +CONFIG_DM_ETH=y +CONFIG_DM_SERIAL=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_DAVINCI_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y
On Tue, Feb 27, 2018 at 11:06:32AM +0530, Lokesh Vutla wrote:
+Tom
On Friday 16 February 2018 11:22 PM, Madan Srinivas wrote:
Adds a dedicated defconfig to build TI K2L secure devices. Created from the k2l_evm_defconfig and removes support for SPL, as SPL is not supported on K2 HS devices. Corrects SYS_TEXT_BASE for HS devices.
Also adds TI_SECURE_DEVICE and FIT_IMAGE_POST_PROCESS to include support for secure image creation and authentication
Signed-off-by: Madan Srinivas madans@ti.com
Reviewed-by: Lokesh Vutla lokeshvutla@ti.com
Thanks and regards, Lokesh
configs/k2l_hs_evm_defconfig | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 configs/k2l_hs_evm_defconfig
Needs to update the relevant MAINTAINERS file, thanks!
On 02/16/2018 11:52 AM, Madan Srinivas wrote:
This series adds support for the secure Lammar (K2L) SoC.
It defines a new defconfig file for K2L HS, based on the GP K2L defconfig and updates the u-boot default env variables to install the secure boot-monitor on startup.
Acked-by: Andrew F. Davis afd@ti.com
Madan Srinivas (2): configs: k2l: Updates u-boot env to install secure boot monitor defconfig: k2l_hs_evm: Add k2l_hs_evm_defconfig
configs/k2l_hs_evm_defconfig | 43 +++++++++++++++++++++++++++++++++++++++++++ include/configs/k2l_evm.h | 9 +++++++++ 2 files changed, 52 insertions(+) create mode 100644 configs/k2l_hs_evm_defconfig
participants (4)
-
Andrew F. Davis -
Lokesh Vutla -
Madan Srinivas -
Tom Rini