u-boot

sysmo-bts

u-boot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Aneesh Bansal	9711f52806	armv8/ls1043ardb: add SECURE BOOT target for NOR LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>	2015-12-15 08:57:35 +08:00
Aneesh Bansal	7bcb0eb285	Pointers in ESBC header made 32 bit For the Chain of Trust, the esbc_validate command supports 32 bit fields for location of the image. In the header structure definition, these were declared as pointers which made them 64 bit on a 64 bit core. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>	2015-10-29 10:33:57 -07:00
gaurav rana	47151e4bcc	SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>	2015-03-05 12:04:59 -08:00

Author

SHA1

Message

Date

Aneesh Bansal

9711f52806

armv8/ls1043ardb: add SECURE BOOT target for NOR

LS1043ARDB Secure Boot Target from NOR has been added.
- Configs defined to enable esbc_validate.
- ESBC Address in header is made 64 bit.
- SMMU is re-configured in Bypass mode.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

2015-12-15 08:57:35 +08:00

Aneesh Bansal

7bcb0eb285

Pointers in ESBC header made 32 bit

For the Chain of Trust, the esbc_validate command supports
32 bit fields for location of the image. In the header structure
definition, these were declared as pointers which made them
64 bit on a 64 bit core.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

2015-10-29 10:33:57 -07:00

gaurav rana

47151e4bcc

SECURE BOOT: Add command for validation of images

1. esbc_validate command is meant for validating header and
   signature of images (Boot Script and ESBC uboot client).
   SHA-256 and RSA operations are performed using SEC block in HW.
   This command works on both PBL based and Non PBL based Freescale
   platforms.
   Command usage:
   esbc_validate img_hdr_addr [pub_key_hash]
2. ESBC uboot client can be linux. Additionally, rootfs and device
   tree blob can also be signed.
3. In the event of header or signature failure in validation,
   ITS and ITF bits determine further course of action.
4. In case of soft failure, appropriate error is dumped on console.
5. In case of hard failure, SoC is issued RESET REQUEST after
   dumping error on the console.
6. KEY REVOCATION Feature:
   QorIQ platforms like B4/T4 have support of srk key table and key
   revocation in ISBC code in Silicon.
   The srk key table allows the user to have a key table with multiple
   keys and revoke any key in case of particular key gets compromised.
   In case the ISBC code uses the key revocation and srk key table to
   verify the u-boot code, the subsequent chain of trust should also
   use the same.
6. ISBC KEY EXTENSION Feature:
   This feature allows large number of keys to be used for esbc validation
   of images. A set of public keys is being signed and validated by ISBC
   which can be further used for esbc validation of images.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

2015-03-05 12:04:59 -08:00

3 Commits