* [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT
@ 2022-05-04 20:52 Andrew Davis
2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
` (4 more replies)
0 siblings, 5 replies; 12+ messages in thread
From: Andrew Davis @ 2022-05-04 20:52 UTC (permalink / raw)
To: Simon Glass, Tom Rini, u-boot; +Cc: Andrew Davis
This matches what this support is called in the non-SPL case. The postfix
_SUPPORT is redundant as enabling Kconfig options implies support.
With this we can use CONFIG_IS_ENABLED() as needed.
Signed-off-by: Andrew Davis <afd@ti.com>
---
common/spl/Kconfig | 6 +++---
common/spl/Makefile | 2 +-
common/spl/spl_nor.c | 2 +-
configs/axm_defconfig | 2 +-
configs/imx8mm_data_modul_edm_sbc_defconfig | 2 +-
configs/imx8mn_evk_defconfig | 2 +-
configs/kontron-sl-mx6ul_defconfig | 2 +-
configs/mx6sabreauto_defconfig | 2 +-
configs/mx6sabresd_defconfig | 2 +-
configs/openpiton_riscv64_spl_defconfig | 2 +-
configs/stm32mp15_dhcom_basic_defconfig | 2 +-
configs/stm32mp15_dhcor_basic_defconfig | 2 +-
configs/taurus_defconfig | 2 +-
13 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 84f2847c72..43485af468 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -225,7 +225,7 @@ config SPL_RAW_IMAGE_SUPPORT
is y. If this is not set, SPL will move on to other available
boot media to find a suitable image.
-config SPL_LEGACY_IMAGE_SUPPORT
+config SPL_LEGACY_IMAGE_FORMAT
bool "Support SPL loading and booting of Legacy images"
default y if !TI_SECURE_DEVICE && !SPL_LOAD_FIT
help
@@ -235,7 +235,7 @@ config SPL_LEGACY_IMAGE_SUPPORT
config SPL_LEGACY_IMAGE_CRC_CHECK
bool "Check CRC of Legacy images"
- depends on SPL_LEGACY_IMAGE_SUPPORT
+ depends on SPL_LEGACY_IMAGE_FORMAT
select SPL_CRC32
help
Enable this to check the CRC of Legacy images. While this increases
@@ -451,7 +451,7 @@ config SYS_MMCSD_RAW_MODE_EMMC_BOOT_PARTITION
config SPL_CRC32
bool "Support CRC32"
- default y if SPL_LEGACY_IMAGE_SUPPORT || SPL_EFI_PARTITION
+ default y if SPL_LEGACY_IMAGE_FORMAT || SPL_EFI_PARTITION
default y if SPL_ENV_SUPPORT || TPL_BLOBLIST
help
Enable this to support CRC32 in uImages or FIT images within SPL.
diff --git a/common/spl/Makefile b/common/spl/Makefile
index e71e7bee66..13db3df993 100644
--- a/common/spl/Makefile
+++ b/common/spl/Makefile
@@ -10,7 +10,7 @@ ifdef CONFIG_SPL_BUILD
obj-$(CONFIG_$(SPL_TPL_)FRAMEWORK) += spl.o
obj-$(CONFIG_$(SPL_TPL_)BOOTROM_SUPPORT) += spl_bootrom.o
obj-$(CONFIG_$(SPL_TPL_)LOAD_FIT) += spl_fit.o
-obj-$(CONFIG_$(SPL_TPL_)LEGACY_IMAGE_SUPPORT) += spl_legacy.o
+obj-$(CONFIG_$(SPL_TPL_)LEGACY_IMAGE_FORMAT) += spl_legacy.o
obj-$(CONFIG_$(SPL_TPL_)NOR_SUPPORT) += spl_nor.o
obj-$(CONFIG_$(SPL_TPL_)XIP_SUPPORT) += spl_xip.o
obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += spl_ymodem.o
diff --git a/common/spl/spl_nor.c b/common/spl/spl_nor.c
index 0f4fff8493..067a2d42bb 100644
--- a/common/spl/spl_nor.c
+++ b/common/spl/spl_nor.c
@@ -110,7 +110,7 @@ static int spl_nor_load_image(struct spl_image_info *spl_image,
}
/* Legacy image handling */
- if (IS_ENABLED(CONFIG_SPL_LEGACY_IMAGE_SUPPORT)) {
+ if (IS_ENABLED(CONFIG_SPL_LEGACY_IMAGE_FORMAT)) {
load.bl_len = 1;
load.read = spl_nor_load_read;
return spl_load_legacy_img(spl_image, bootdev, &load,
diff --git a/configs/axm_defconfig b/configs/axm_defconfig
index 457bf76bd4..89b9f9faea 100644
--- a/configs/axm_defconfig
+++ b/configs/axm_defconfig
@@ -35,7 +35,7 @@ CONFIG_USE_BOOTCOMMAND=y
CONFIG_BOOTCOMMAND="run flash_self"
# CONFIG_DISPLAY_BOARDINFO is not set
CONFIG_BOARD_EARLY_INIT_F=y
-# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+# CONFIG_SPL_LEGACY_IMAGE_FORMAT is not set
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
CONFIG_SPL_CRC32=y
CONFIG_SPL_NAND_SUPPORT=y
diff --git a/configs/imx8mm_data_modul_edm_sbc_defconfig b/configs/imx8mm_data_modul_edm_sbc_defconfig
index afc8c43ca9..edceb18201 100644
--- a/configs/imx8mm_data_modul_edm_sbc_defconfig
+++ b/configs/imx8mm_data_modul_edm_sbc_defconfig
@@ -42,7 +42,7 @@ CONFIG_SYS_CONSOLE_ENV_OVERWRITE=y
CONFIG_ARCH_MISC_INIT=y
CONFIG_BOARD_LATE_INIT=y
# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x300
diff --git a/configs/imx8mn_evk_defconfig b/configs/imx8mn_evk_defconfig
index 22fad70c5d..c18c19fa14 100644
--- a/configs/imx8mn_evk_defconfig
+++ b/configs/imx8mn_evk_defconfig
@@ -29,7 +29,7 @@ CONFIG_BOARD_LATE_INIT=y
CONFIG_SPL_BOARD_INIT=y
CONFIG_SPL_BOOTROM_SUPPORT=y
# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x300
diff --git a/configs/kontron-sl-mx6ul_defconfig b/configs/kontron-sl-mx6ul_defconfig
index a59dacf27b..11e4e956c8 100644
--- a/configs/kontron-sl-mx6ul_defconfig
+++ b/configs/kontron-sl-mx6ul_defconfig
@@ -26,7 +26,7 @@ CONFIG_OF_BOARD_SETUP=y
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
CONFIG_BOARD_TYPES=y
CONFIG_BOARD_EARLY_INIT_F=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK=y
CONFIG_SPL_USB_HOST=y
CONFIG_SPL_USB_GADGET=y
diff --git a/configs/mx6sabreauto_defconfig b/configs/mx6sabreauto_defconfig
index 0c7aaa6a20..053026daa3 100644
--- a/configs/mx6sabreauto_defconfig
+++ b/configs/mx6sabreauto_defconfig
@@ -32,7 +32,7 @@ CONFIG_BOOTCOMMAND="run findfdt;mmc dev ${mmcdev};if mmc rescan; then if run loa
# CONFIG_CONSOLE_MUX is not set
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
CONFIG_SYS_CONSOLE_OVERWRITE_ROUTINE=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
CONFIG_SPL_FIT_IMAGE_TINY=y
CONFIG_SPL_FS_EXT4=y
CONFIG_SPL_I2C=y
diff --git a/configs/mx6sabresd_defconfig b/configs/mx6sabresd_defconfig
index c8d9ebdc64..674384c878 100644
--- a/configs/mx6sabresd_defconfig
+++ b/configs/mx6sabresd_defconfig
@@ -31,7 +31,7 @@ CONFIG_BOOTCOMMAND="run findfdt;mmc dev ${mmcdev};if mmc rescan; then if run loa
# CONFIG_CONSOLE_MUX is not set
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
CONFIG_SYS_CONSOLE_OVERWRITE_ROUTINE=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
CONFIG_SPL_FIT_IMAGE_TINY=y
CONFIG_SPL_USB_HOST=y
CONFIG_SPL_USB_GADGET=y
diff --git a/configs/openpiton_riscv64_spl_defconfig b/configs/openpiton_riscv64_spl_defconfig
index cbcbe42caf..8a7e3ccf3d 100644
--- a/configs/openpiton_riscv64_spl_defconfig
+++ b/configs/openpiton_riscv64_spl_defconfig
@@ -20,7 +20,7 @@ CONFIG_ENV_VARS_UBOOT_CONFIG=y
# CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
CONFIG_USE_BOOTCOMMAND=y
CONFIG_BOOTCOMMAND="fdt addr ${fdtcontroladdr}; fdt move ${fdtcontroladdr} ${fdt_addr_r}; load mmc ${mmcdev}:${mmcpart} ${kernel_addr_r} ${image}; booti ${kernel_addr_r} - ${fdt_addr_r}; "
-# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+# CONFIG_SPL_LEGACY_IMAGE_FORMAT is not set
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
# CONFIG_SPL_BANNER_PRINT is not set
CONFIG_SPL_CPU=y
diff --git a/configs/stm32mp15_dhcom_basic_defconfig b/configs/stm32mp15_dhcom_basic_defconfig
index ec955eae20..2dfeaacf5f 100644
--- a/configs/stm32mp15_dhcom_basic_defconfig
+++ b/configs/stm32mp15_dhcom_basic_defconfig
@@ -25,7 +25,7 @@ CONFIG_BOOTDELAY=1
CONFIG_BOOTCOMMAND="run bootcmd_stm32mp"
CONFIG_CONSOLE_MUX=y
CONFIG_BOARD_EARLY_INIT_F=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_PARTITION=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION=3
CONFIG_SPL_ENV_SUPPORT=y
diff --git a/configs/stm32mp15_dhcor_basic_defconfig b/configs/stm32mp15_dhcor_basic_defconfig
index 387e068155..373ead834d 100644
--- a/configs/stm32mp15_dhcor_basic_defconfig
+++ b/configs/stm32mp15_dhcor_basic_defconfig
@@ -23,7 +23,7 @@ CONFIG_BOOTDELAY=1
CONFIG_BOOTCOMMAND="run bootcmd_stm32mp"
CONFIG_CONSOLE_MUX=y
CONFIG_BOARD_EARLY_INIT_F=y
-CONFIG_SPL_LEGACY_IMAGE_SUPPORT=y
+CONFIG_SPL_LEGACY_IMAGE_FORMAT=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_PARTITION=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION=3
CONFIG_SPL_ENV_SUPPORT=y
diff --git a/configs/taurus_defconfig b/configs/taurus_defconfig
index c24b4488a7..e6bef6c974 100644
--- a/configs/taurus_defconfig
+++ b/configs/taurus_defconfig
@@ -39,7 +39,7 @@ CONFIG_USE_BOOTCOMMAND=y
CONFIG_BOOTCOMMAND="nand read 0x22000000 0x200000 0x300000; bootm"
# CONFIG_DISPLAY_BOARDINFO is not set
CONFIG_BOARD_EARLY_INIT_F=y
-# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+# CONFIG_SPL_LEGACY_IMAGE_FORMAT is not set
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
CONFIG_SPL_CRC32=y
CONFIG_SPL_NAND_SUPPORT=y
--
2.36.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices
2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
@ 2022-05-04 20:52 ` Andrew Davis
2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
2022-05-04 20:52 ` [PATCH 3/4] boot: Kconfig: Disable " Andrew Davis
` (3 subsequent siblings)
4 siblings, 2 replies; 12+ messages in thread
From: Andrew Davis @ 2022-05-04 20:52 UTC (permalink / raw)
To: Simon Glass, Tom Rini, u-boot; +Cc: Andrew Davis
Booting of non-FIT images bypass our chain-of-trust boot flow,
these options should not be allowed when high security is set.
Signed-off-by: Andrew Davis <afd@ti.com>
---
common/spl/Kconfig | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 43485af468..50ff113cab 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -219,7 +219,8 @@ config SPL_BOOTCOUNT_LIMIT
config SPL_RAW_IMAGE_SUPPORT
bool "Support SPL loading and booting of RAW images"
default n if (ARCH_MX6 && (SPL_MMC || SPL_SATA))
- default y if !TI_SECURE_DEVICE
+ default y
+ depends on !TI_SECURE_DEVICE
help
SPL will support loading and booting a RAW image when this option
is y. If this is not set, SPL will move on to other available
@@ -227,7 +228,8 @@ config SPL_RAW_IMAGE_SUPPORT
config SPL_LEGACY_IMAGE_FORMAT
bool "Support SPL loading and booting of Legacy images"
- default y if !TI_SECURE_DEVICE && !SPL_LOAD_FIT
+ default y if !SPL_LOAD_FIT
+ depends on !TI_SECURE_DEVICE
help
SPL will support loading and booting Legacy images when this option
is y. If this is not set, SPL will move on to other available
--
2.36.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 3/4] boot: Kconfig: Disable non-FIT loading for TI secure devices
2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
@ 2022-05-04 20:52 ` Andrew Davis
2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
2022-05-04 20:52 ` [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on " Andrew Davis
` (2 subsequent siblings)
4 siblings, 2 replies; 12+ messages in thread
From: Andrew Davis @ 2022-05-04 20:52 UTC (permalink / raw)
To: Simon Glass, Tom Rini, u-boot; +Cc: Andrew Davis
Non-FIT image loading support should be disabled for TI secure
devices as the image handlers for those image types do not follow
our secure boot checks.
Signed-off-by: Andrew Davis <afd@ti.com>
---
boot/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/boot/Kconfig b/boot/Kconfig
index 4b0802b8c6..9780473190 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -405,7 +405,7 @@ endif
config LEGACY_IMAGE_FORMAT
bool "Enable support for the legacy image format"
- default y if !FIT_SIGNATURE
+ default y if !FIT_SIGNATURE && !TI_SECURE_DEVICE
help
This option enables the legacy image format. It is enabled by
default for backward compatibility, unless FIT_SIGNATURE is
--
2.36.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on TI secure devices
2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
2022-05-04 20:52 ` [PATCH 3/4] boot: Kconfig: Disable " Andrew Davis
@ 2022-05-04 20:52 ` Andrew Davis
2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
2022-05-05 13:14 ` [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Tom Rini
2022-05-11 17:31 ` Tom Rini
4 siblings, 2 replies; 12+ messages in thread
From: Andrew Davis @ 2022-05-04 20:52 UTC (permalink / raw)
To: Simon Glass, Tom Rini, u-boot; +Cc: Andrew Davis
TI secure devices chain-of-trust depends on FIT image processing,
enable it by default on these devices. This also reduces the delta
between the secure and non-secure defconfig files.
Signed-off-by: Andrew Davis <afd@ti.com>
---
boot/Kconfig | 2 ++
1 file changed, 2 insertions(+)
diff --git a/boot/Kconfig b/boot/Kconfig
index 9780473190..dff4d23b88 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -123,6 +123,7 @@ config FIT_BEST_MATCH
config FIT_IMAGE_POST_PROCESS
bool "Enable post-processing of FIT artifacts after loading by U-Boot"
depends on TI_SECURE_DEVICE || SOCFPGA_SECURE_VAB_AUTH
+ default y if TI_SECURE_DEVICE
help
Allows doing any sort of manipulation to blobs after they got extracted
from FIT images like stripping off headers or modifying the size of the
@@ -254,6 +255,7 @@ config SPL_LOAD_FIT_FULL
config SPL_FIT_IMAGE_POST_PROCESS
bool "Enable post-processing of FIT artifacts after loading by the SPL"
depends on SPL_LOAD_FIT
+ default y if TI_SECURE_DEVICE
help
Allows doing any sort of manipulation to blobs after they got extracted
from the U-Boot FIT image like stripping off headers or modifying the
--
2.36.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT
2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
` (2 preceding siblings ...)
2022-05-04 20:52 ` [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on " Andrew Davis
@ 2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
4 siblings, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-05 13:14 UTC (permalink / raw)
To: Andrew Davis; +Cc: Simon Glass, u-boot
[-- Attachment #1: Type: text/plain, Size: 373 bytes --]
On Wed, May 04, 2022 at 03:52:25PM -0500, Andrew Davis wrote:
> This matches what this support is called in the non-SPL case. The postfix
> _SUPPORT is redundant as enabling Kconfig options implies support.
> With this we can use CONFIG_IS_ENABLED() as needed.
>
> Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices
2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
@ 2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-05 13:14 UTC (permalink / raw)
To: Andrew Davis; +Cc: Simon Glass, u-boot
[-- Attachment #1: Type: text/plain, Size: 303 bytes --]
On Wed, May 04, 2022 at 03:52:26PM -0500, Andrew Davis wrote:
> Booting of non-FIT images bypass our chain-of-trust boot flow,
> these options should not be allowed when high security is set.
>
> Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 3/4] boot: Kconfig: Disable non-FIT loading for TI secure devices
2022-05-04 20:52 ` [PATCH 3/4] boot: Kconfig: Disable " Andrew Davis
@ 2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-05 13:14 UTC (permalink / raw)
To: Andrew Davis; +Cc: Simon Glass, u-boot
[-- Attachment #1: Type: text/plain, Size: 333 bytes --]
On Wed, May 04, 2022 at 03:52:27PM -0500, Andrew Davis wrote:
> Non-FIT image loading support should be disabled for TI secure
> devices as the image handlers for those image types do not follow
> our secure boot checks.
>
> Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on TI secure devices
2022-05-04 20:52 ` [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on " Andrew Davis
@ 2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-05 13:14 UTC (permalink / raw)
To: Andrew Davis; +Cc: Simon Glass, u-boot
[-- Attachment #1: Type: text/plain, Size: 364 bytes --]
On Wed, May 04, 2022 at 03:52:28PM -0500, Andrew Davis wrote:
> TI secure devices chain-of-trust depends on FIT image processing,
> enable it by default on these devices. This also reduces the delta
> between the secure and non-secure defconfig files.
>
> Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT
2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
` (3 preceding siblings ...)
2022-05-05 13:14 ` [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Tom Rini
@ 2022-05-11 17:31 ` Tom Rini
4 siblings, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-11 17:31 UTC (permalink / raw)
To: Andrew Davis; +Cc: Simon Glass, u-boot
[-- Attachment #1: Type: text/plain, Size: 410 bytes --]
On Wed, May 04, 2022 at 03:52:25PM -0500, Andrew Davis wrote:
> This matches what this support is called in the non-SPL case. The postfix
> _SUPPORT is redundant as enabling Kconfig options implies support.
> With this we can use CONFIG_IS_ENABLED() as needed.
>
> Signed-off-by: Andrew Davis <afd@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>
Applied to u-boot/master, thanks!
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices
2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
2022-05-05 13:14 ` Tom Rini
@ 2022-05-11 17:31 ` Tom Rini
1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-11 17:31 UTC (permalink / raw)
To: Andrew Davis; +Cc: Simon Glass, u-boot
[-- Attachment #1: Type: text/plain, Size: 340 bytes --]
On Wed, May 04, 2022 at 03:52:26PM -0500, Andrew Davis wrote:
> Booting of non-FIT images bypass our chain-of-trust boot flow,
> these options should not be allowed when high security is set.
>
> Signed-off-by: Andrew Davis <afd@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>
Applied to u-boot/master, thanks!
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 3/4] boot: Kconfig: Disable non-FIT loading for TI secure devices
2022-05-04 20:52 ` [PATCH 3/4] boot: Kconfig: Disable " Andrew Davis
2022-05-05 13:14 ` Tom Rini
@ 2022-05-11 17:31 ` Tom Rini
1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-11 17:31 UTC (permalink / raw)
To: Andrew Davis; +Cc: Simon Glass, u-boot
[-- Attachment #1: Type: text/plain, Size: 370 bytes --]
On Wed, May 04, 2022 at 03:52:27PM -0500, Andrew Davis wrote:
> Non-FIT image loading support should be disabled for TI secure
> devices as the image handlers for those image types do not follow
> our secure boot checks.
>
> Signed-off-by: Andrew Davis <afd@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>
Applied to u-boot/master, thanks!
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on TI secure devices
2022-05-04 20:52 ` [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on " Andrew Davis
2022-05-05 13:14 ` Tom Rini
@ 2022-05-11 17:31 ` Tom Rini
1 sibling, 0 replies; 12+ messages in thread
From: Tom Rini @ 2022-05-11 17:31 UTC (permalink / raw)
To: Andrew Davis; +Cc: Simon Glass, u-boot
[-- Attachment #1: Type: text/plain, Size: 401 bytes --]
On Wed, May 04, 2022 at 03:52:28PM -0500, Andrew Davis wrote:
> TI secure devices chain-of-trust depends on FIT image processing,
> enable it by default on these devices. This also reduces the delta
> between the secure and non-secure defconfig files.
>
> Signed-off-by: Andrew Davis <afd@ti.com>
> Reviewed-by: Tom Rini <trini@konsulko.com>
Applied to u-boot/master, thanks!
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2022-05-11 17:32 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-04 20:52 [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Andrew Davis
2022-05-04 20:52 ` [PATCH 2/4] spl: Force disable non-FIT loading for TI secure devices Andrew Davis
2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
2022-05-04 20:52 ` [PATCH 3/4] boot: Kconfig: Disable " Andrew Davis
2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
2022-05-04 20:52 ` [PATCH 4/4] boot: Kconfig: Enable FIT processing by default on " Andrew Davis
2022-05-05 13:14 ` Tom Rini
2022-05-11 17:31 ` Tom Rini
2022-05-05 13:14 ` [PATCH 1/4] spl: Rename Kconfig SPL_LEGACY_IMAGE_SUPPORT to SPL_LEGACY_IMAGE_FORMAT Tom Rini
2022-05-11 17:31 ` Tom Rini
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.