* [U-Boot] [PATCH 0/7] Adds support for secure boot on Keystone SoCs (K2E) @ 2016-08-26 6:30 ` Madan Srinivas 2016-08-26 6:30 ` [U-Boot] [PATCH 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas ` (6 more replies) 0 siblings, 7 replies; 36+ messages in thread From: Madan Srinivas @ 2016-08-26 6:30 UTC (permalink / raw) To: u-boot This series adds support for secure keystone family of devices, more specifically for K2E (Edison).This work is similar to what has already been done for the AM43xx and AM57xx SoCs and leverages much of the infrastructure from them. The big difference here is the ROM on keystone2 devices does not provide any APIs for image authentication. Rather, the image authentication and decryption routines and other security functions are provided by software and can run on the ARM in Trustzone as well as on secure DSPs. A component known as the boot monitor acts as they gateway to this secure processing, and abstracts out the details from the public world. Unlike OMAP class devices, where u-boot calls ROM APIs, u-boot calls into the boot- monitor on keystone devices. Other than this difference, most of the secure framework for AMxx and DRAxx devices have been re-used. Couple of other points to note :- -Support for SPL on secure keystone devices is still TBD, so boot from SPI flash, which needs SPL, is not supported currently on K2 devices. -A single image will work across all boot media for secure K2 devices. Madan Srinivas (4): include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS arm: omap-common: Reuse secure image name between OMAP and keystone arm: mach-keystone: config.mk: Adds support for secure images on K2 doc: Updates info on using keystone secure devices from TI Vitaly Andrianov (3): arm: mach-keystone: Implements FIT post-processing call for keystone SoCs arm: omap-common: Enable support for K2 HS devices in u-boot configs: Adds a defconfig for K2E High Security EVM arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- arch/arm/cpu/armv7/omap-common/config_secure.mk | 4 +- arch/arm/mach-keystone/config.mk | 6 +++ arch/arm/mach-keystone/mon.c | 53 +++++++++++++++++++++++++ configs/k2e_hs_evm_defconfig | 44 ++++++++++++++++++++ doc/README.ti-secure | 20 ++++++++++ include/image.h | 3 +- 7 files changed, 129 insertions(+), 3 deletions(-) create mode 100644 configs/k2e_hs_evm_defconfig -- 2.7.4 ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS 2016-08-26 6:30 ` [U-Boot] [PATCH 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas @ 2016-08-26 6:30 ` Madan Srinivas 2016-08-29 14:52 ` Andrew F. Davis 2016-08-26 6:30 ` [U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs Madan Srinivas ` (5 subsequent siblings) 6 siblings, 1 reply; 36+ messages in thread From: Madan Srinivas @ 2016-08-26 6:30 UTC (permalink / raw) To: u-boot The function board_fit_image_post_process is defined only when the config CONFIG_FIT_IMAGE_POST_PROCESS is enabled. For secure systems that do not use SPL but use FIT kernel images, only CONFIG_FIT_IMAGE_POST_PROCESS will defined, which will result in an implicit declaration of function 'board_fit_image_post_process' warning while building u-boot. This patch fixes this warning. Signed-off-by: Madan Srinivas <madans@ti.com> --- include/image.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/image.h b/include/image.h index 64da722..6884421 100644 --- a/include/image.h +++ b/include/image.h @@ -1245,7 +1245,8 @@ void android_print_contents(const struct andr_img_hdr *hdr); */ int board_fit_config_name_match(const char *name); -#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS +#if defined(CONFIG_SPL_FIT_IMAGE_POST_PROCESS) || \ + defined(CONFIG_FIT_IMAGE_POST_PROCESS) /** * board_fit_image_post_process() - Do any post-process on FIT binary data * -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS 2016-08-26 6:30 ` [U-Boot] [PATCH 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas @ 2016-08-29 14:52 ` Andrew F. Davis 0 siblings, 0 replies; 36+ messages in thread From: Andrew F. Davis @ 2016-08-29 14:52 UTC (permalink / raw) To: u-boot On 08/26/2016 01:30 AM, Madan Srinivas wrote: > The function board_fit_image_post_process is defined only when the config I think you mean "declared" here, it is "defined" when ether CONFIG_SPL_FIT_IMAGE_POST_PROCESS *or* CONFIG_FIT_IMAGE_POST_PROCESS is enabled, but only "declared" here in this header when the first is enabled. > CONFIG_FIT_IMAGE_POST_PROCESS is enabled. For secure systems that do not > use SPL but use FIT kernel images, only CONFIG_FIT_IMAGE_POST_PROCESS will I think you are missing a word here. (will {be} defined) > defined, which will result in an implicit declaration of function > 'board_fit_image_post_process' warning while building u-boot. This > patch fixes this warning. > > Signed-off-by: Madan Srinivas <madans@ti.com> Otherwise looks good to me, Acked-by: Andrew F. Davis <afd@ti.com> > --- > > include/image.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/include/image.h b/include/image.h > index 64da722..6884421 100644 > --- a/include/image.h > +++ b/include/image.h > @@ -1245,7 +1245,8 @@ void android_print_contents(const struct andr_img_hdr *hdr); > */ > int board_fit_config_name_match(const char *name); > > -#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS > +#if defined(CONFIG_SPL_FIT_IMAGE_POST_PROCESS) || \ > + defined(CONFIG_FIT_IMAGE_POST_PROCESS) > /** > * board_fit_image_post_process() - Do any post-process on FIT binary data > * > ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs 2016-08-26 6:30 ` [U-Boot] [PATCH 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas 2016-08-26 6:30 ` [U-Boot] [PATCH 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas @ 2016-08-26 6:30 ` Madan Srinivas 2016-08-29 16:22 ` Dan Murphy 2016-08-30 9:03 ` Lokesh Vutla 2016-08-26 6:30 ` [U-Boot] [PATCH 3/7] arm: omap-common: Enable support for K2 HS devices in u-boot Madan Srinivas ` (4 subsequent siblings) 6 siblings, 2 replies; 36+ messages in thread From: Madan Srinivas @ 2016-08-26 6:30 UTC (permalink / raw) To: u-boot From: Vitaly Andrianov <vitalya@ti.com> This commit implements the board_fit_image_post_process() function for the keystone architecture. Unlike OMAP class devices, security functions in keystone are not handled in the ROM. The interface to the secure functions is TI proprietary and depending on the keystone platform, the security functions like encryption, decryption and authentication might even be offloaded to other secure processing elements in the SoC. The boot monitor acts as the gateway to these secure functions and the boot monitor for secure devices is available as part of the SECDEV package for KS2. For more details refer doc/README.ti-secure Signed-off-by: Vitaly Andrianov <vitalya@ti.com> Signed-off-by: Madan Srinivas <madans@ti.com> --- arch/arm/mach-keystone/mon.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c index 256f630..b4a6f1c 100644 --- a/arch/arm/mach-keystone/mon.c +++ b/arch/arm/mach-keystone/mon.c @@ -12,10 +12,31 @@ #include <mach/mon.h> asm(".arch_extension sec\n\t"); +#ifdef CONFIG_TI_SECURE_DEVICE +#define KS2_HS_AUTH_FN_OFFSET 8 +#define KS2_HS_SEC_HEADER_LEN 0x60 +#define KS2_AUTH_CMD "2" +/** + * (*fn_auth)() - Invokes security functions using a + * proprietary TI interface. This binary and source for + * this is available in the secure development package or + * SECDEV. For details on how to access this please refer + * doc/README.ti-secure + * + * @first param: no. of parameters + * @second param: parameter list + * @return non-zero value on success, zero on error + */ +static unsigned int (*fn_auth)(int, char * const []); +#endif + int mon_install(u32 addr, u32 dpsc, u32 freq) { int result; +#ifdef CONFIG_TI_SECURE_DEVICE + fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET); +#endif __asm__ __volatile__ ( "stmfd r13!, {lr}\n" "mov r0, %1\n" @@ -61,3 +82,35 @@ int mon_power_off(int core_id) : "cc", "r0", "r1", "memory"); return result; } + +#ifdef CONFIG_TI_SECURE_DEVICE +static void k2_hs_auth(void *addr) +{ + char *argv1 = KS2_AUTH_CMD; + char argv2[32]; + char *argv[3] = {NULL, argv1, argv2}; + int ret; + + sprintf(argv2, "0x%08x", (u32)addr); + ret = fn_auth(3, argv); + + if (ret == 0) { + printf("FAIL!!!\n"); /* remove form production code */ + hang(); + } +} + +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + void *dst = *p_image; + void *src = dst + KS2_HS_SEC_HEADER_LEN; + + k2_hs_auth(*p_image); + + /* + * Overwrite the image headers after authentication + * and decryption. Move the image to its run address + */ + memcpy(dst, src, *p_size - KS2_HS_SEC_HEADER_LEN); +} +#endif -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs 2016-08-26 6:30 ` [U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs Madan Srinivas @ 2016-08-29 16:22 ` Dan Murphy 2016-08-30 9:03 ` Lokesh Vutla 1 sibling, 0 replies; 36+ messages in thread From: Dan Murphy @ 2016-08-29 16:22 UTC (permalink / raw) To: u-boot On 08/26/2016 01:30 AM, Madan Srinivas wrote: > From: Vitaly Andrianov <vitalya@ti.com> > > This commit implements the board_fit_image_post_process() function for > the keystone architecture. Unlike OMAP class devices, security > functions in keystone are not handled in the ROM. > The interface to the secure functions is TI proprietary and depending > on the keystone platform, the security functions like encryption, > decryption and authentication might even be offloaded to other secure > processing elements in the SoC. > The boot monitor acts as the gateway to these secure functions and the > boot monitor for secure devices is available as part of the SECDEV > package for KS2. For more details refer doc/README.ti-secure > > Signed-off-by: Vitaly Andrianov <vitalya@ti.com> > Signed-off-by: Madan Srinivas <madans@ti.com> > --- > > arch/arm/mach-keystone/mon.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 53 insertions(+) > > diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c > index 256f630..b4a6f1c 100644 > --- a/arch/arm/mach-keystone/mon.c > +++ b/arch/arm/mach-keystone/mon.c > @@ -12,10 +12,31 @@ > #include <mach/mon.h> > asm(".arch_extension sec\n\t"); > > +#ifdef CONFIG_TI_SECURE_DEVICE > +#define KS2_HS_AUTH_FN_OFFSET 8 > +#define KS2_HS_SEC_HEADER_LEN 0x60 > +#define KS2_AUTH_CMD "2" > +/** > + * (*fn_auth)() - Invokes security functions using a > + * proprietary TI interface. This binary and source for > + * this is available in the secure development package or > + * SECDEV. For details on how to access this please refer > + * doc/README.ti-secure > + * > + * @first param: no. of parameters > + * @second param: parameter list > + * @return non-zero value on success, zero on error > + */ > +static unsigned int (*fn_auth)(int, char * const []); > +#endif > + > int mon_install(u32 addr, u32 dpsc, u32 freq) > { > int result; > > +#ifdef CONFIG_TI_SECURE_DEVICE > + fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET); > +#endif > __asm__ __volatile__ ( > "stmfd r13!, {lr}\n" > "mov r0, %1\n" > @@ -61,3 +82,35 @@ int mon_power_off(int core_id) > : "cc", "r0", "r1", "memory"); > return result; > } > + > +#ifdef CONFIG_TI_SECURE_DEVICE > +static void k2_hs_auth(void *addr) > +{ > + char *argv1 = KS2_AUTH_CMD; > + char argv2[32]; > + char *argv[3] = {NULL, argv1, argv2}; > + int ret; > + > + sprintf(argv2, "0x%08x", (u32)addr); > + ret = fn_auth(3, argv); > + > + if (ret == 0) { Can this be if (!ret)? > + printf("FAIL!!!\n"); /* remove form production code */ Wouldn't this be production code? If this print is intended to stay the s/form/from Dan > + hang(); > + } > +} > + > +void board_fit_image_post_process(void **p_image, size_t *p_size) > +{ > + void *dst = *p_image; > + void *src = dst + KS2_HS_SEC_HEADER_LEN; > + > + k2_hs_auth(*p_image); > + > + /* > + * Overwrite the image headers after authentication > + * and decryption. Move the image to its run address > + */ > + memcpy(dst, src, *p_size - KS2_HS_SEC_HEADER_LEN); > +} > +#endif -- ------------------ Dan Murphy ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs 2016-08-26 6:30 ` [U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs Madan Srinivas 2016-08-29 16:22 ` Dan Murphy @ 2016-08-30 9:03 ` Lokesh Vutla 1 sibling, 0 replies; 36+ messages in thread From: Lokesh Vutla @ 2016-08-30 9:03 UTC (permalink / raw) To: u-boot On Friday 26 August 2016 12:00 PM, Madan Srinivas wrote: > From: Vitaly Andrianov <vitalya@ti.com> > > This commit implements the board_fit_image_post_process() function for > the keystone architecture. Unlike OMAP class devices, security > functions in keystone are not handled in the ROM. > The interface to the secure functions is TI proprietary and depending > on the keystone platform, the security functions like encryption, > decryption and authentication might even be offloaded to other secure > processing elements in the SoC. > The boot monitor acts as the gateway to these secure functions and the > boot monitor for secure devices is available as part of the SECDEV > package for KS2. For more details refer doc/README.ti-secure > > Signed-off-by: Vitaly Andrianov <vitalya@ti.com> > Signed-off-by: Madan Srinivas <madans@ti.com> > --- > > arch/arm/mach-keystone/mon.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 53 insertions(+) > > diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c > index 256f630..b4a6f1c 100644 > --- a/arch/arm/mach-keystone/mon.c > +++ b/arch/arm/mach-keystone/mon.c > @@ -12,10 +12,31 @@ > #include <mach/mon.h> > asm(".arch_extension sec\n\t"); > > +#ifdef CONFIG_TI_SECURE_DEVICE > +#define KS2_HS_AUTH_FN_OFFSET 8 > +#define KS2_HS_SEC_HEADER_LEN 0x60 > +#define KS2_AUTH_CMD "2" > +/** > + * (*fn_auth)() - Invokes security functions using a > + * proprietary TI interface. This binary and source for > + * this is available in the secure development package or > + * SECDEV. For details on how to access this please refer > + * doc/README.ti-secure > + * > + * @first param: no. of parameters > + * @second param: parameter list > + * @return non-zero value on success, zero on error > + */ > +static unsigned int (*fn_auth)(int, char * const []); > +#endif > + > int mon_install(u32 addr, u32 dpsc, u32 freq) > { > int result; > > +#ifdef CONFIG_TI_SECURE_DEVICE > + fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET); > +#endif > __asm__ __volatile__ ( > "stmfd r13!, {lr}\n" > "mov r0, %1\n" > @@ -61,3 +82,35 @@ int mon_power_off(int core_id) > : "cc", "r0", "r1", "memory"); > return result; > } > + > +#ifdef CONFIG_TI_SECURE_DEVICE > +static void k2_hs_auth(void *addr) > +{ > + char *argv1 = KS2_AUTH_CMD; > + char argv2[32]; > + char *argv[3] = {NULL, argv1, argv2}; > + int ret; > + > + sprintf(argv2, "0x%08x", (u32)addr); > + ret = fn_auth(3, argv); Can fn_auth be checked before calling it? Just to make sure monitor is installed before processing any image. > + > + if (ret == 0) { > + printf("FAIL!!!\n"); /* remove form production code */ > + hang(); > + } > +} > + > +void board_fit_image_post_process(void **p_image, size_t *p_size) > +{ > + void *dst = *p_image; > + void *src = dst + KS2_HS_SEC_HEADER_LEN; > + > + k2_hs_auth(*p_image); > + > + /* > + * Overwrite the image headers after authentication > + * and decryption. Move the image to its run address > + */ > + memcpy(dst, src, *p_size - KS2_HS_SEC_HEADER_LEN); Technically image is not being moved to its run address. This is just updating FIT image after post processing. Also, *p_size should be updated to remove header size. Thanks and regards, Lokesh > +} > +#endif > ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 3/7] arm: omap-common: Enable support for K2 HS devices in u-boot 2016-08-26 6:30 ` [U-Boot] [PATCH 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas 2016-08-26 6:30 ` [U-Boot] [PATCH 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas 2016-08-26 6:30 ` [U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs Madan Srinivas @ 2016-08-26 6:30 ` Madan Srinivas 2016-08-29 14:56 ` Andrew F. Davis 2016-08-29 17:02 ` Dan Murphy 2016-08-26 6:30 ` [U-Boot] [PATCH 4/7] arm: omap-common: Reuse secure image name between OMAP and keystone Madan Srinivas ` (3 subsequent siblings) 6 siblings, 2 replies; 36+ messages in thread From: Madan Srinivas @ 2016-08-26 6:30 UTC (permalink / raw) To: u-boot From: Vitaly Andrianov <vitalya@ti.com> Like the OMAP54xx, AM43xx & AM33xx family SoCs, the keystone family of SoCs also have high security enabled models. Allow K2E devices to be built with HS Device Type Support. This patch applies on top of the patch ti: omap-common: Allow AM33xx devices to be built securely sumitted by Andrew Davis Signed-off-by: Vitaly Andrianov <vitalya@ti.com> Signed-off-by: Madan Srinivas <madans@ti.com> --- arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/cpu/armv7/omap-common/Kconfig b/arch/arm/cpu/armv7/omap-common/Kconfig index 4daccd9..91d6b2c 100644 --- a/arch/arm/cpu/armv7/omap-common/Kconfig +++ b/arch/arm/cpu/armv7/omap-common/Kconfig @@ -1,6 +1,6 @@ config TI_SECURE_DEVICE bool "HS Device Type Support" - depends on OMAP54XX || AM43XX || AM33XX + depends on OMAP54XX || AM43XX || AM33XX || ARCH_KEYSTONE help If a high secure (HS) device type is being used, this config must be set. This option impacts various aspects of the -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 3/7] arm: omap-common: Enable support for K2 HS devices in u-boot 2016-08-26 6:30 ` [U-Boot] [PATCH 3/7] arm: omap-common: Enable support for K2 HS devices in u-boot Madan Srinivas @ 2016-08-29 14:56 ` Andrew F. Davis 2016-08-29 17:02 ` Dan Murphy 1 sibling, 0 replies; 36+ messages in thread From: Andrew F. Davis @ 2016-08-29 14:56 UTC (permalink / raw) To: u-boot On 08/26/2016 01:30 AM, Madan Srinivas wrote: > From: Vitaly Andrianov <vitalya@ti.com> > > Like the OMAP54xx, AM43xx & AM33xx family SoCs, the keystone family > of SoCs also have high security enabled models. Allow K2E devices to > be built with HS Device Type Support. > > This patch applies on top of the patch > ti: omap-common: Allow AM33xx devices to be built securely > sumitted by Andrew Davis > > Signed-off-by: Vitaly Andrianov <vitalya@ti.com> > Signed-off-by: Madan Srinivas <madans@ti.com> > --- Acked-by: Andrew F. Davis <afd@ti.com> > > arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm/cpu/armv7/omap-common/Kconfig b/arch/arm/cpu/armv7/omap-common/Kconfig > index 4daccd9..91d6b2c 100644 > --- a/arch/arm/cpu/armv7/omap-common/Kconfig > +++ b/arch/arm/cpu/armv7/omap-common/Kconfig > @@ -1,6 +1,6 @@ > config TI_SECURE_DEVICE > bool "HS Device Type Support" > - depends on OMAP54XX || AM43XX || AM33XX > + depends on OMAP54XX || AM43XX || AM33XX || ARCH_KEYSTONE > help > If a high secure (HS) device type is being used, this config > must be set. This option impacts various aspects of the > ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 3/7] arm: omap-common: Enable support for K2 HS devices in u-boot 2016-08-26 6:30 ` [U-Boot] [PATCH 3/7] arm: omap-common: Enable support for K2 HS devices in u-boot Madan Srinivas 2016-08-29 14:56 ` Andrew F. Davis @ 2016-08-29 17:02 ` Dan Murphy 1 sibling, 0 replies; 36+ messages in thread From: Dan Murphy @ 2016-08-29 17:02 UTC (permalink / raw) To: u-boot On 08/26/2016 01:30 AM, Madan Srinivas wrote: > From: Vitaly Andrianov <vitalya@ti.com> > > Like the OMAP54xx, AM43xx & AM33xx family SoCs, the keystone family > of SoCs also have high security enabled models. Allow K2E devices to > be built with HS Device Type Support. > > This patch applies on top of the patch > ti: omap-common: Allow AM33xx devices to be built securely > sumitted by Andrew Davis > > Signed-off-by: Vitaly Andrianov <vitalya@ti.com> > Signed-off-by: Madan Srinivas <madans@ti.com> > --- > > arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm/cpu/armv7/omap-common/Kconfig b/arch/arm/cpu/armv7/omap-common/Kconfig > index 4daccd9..91d6b2c 100644 > --- a/arch/arm/cpu/armv7/omap-common/Kconfig > +++ b/arch/arm/cpu/armv7/omap-common/Kconfig > @@ -1,6 +1,6 @@ > config TI_SECURE_DEVICE > bool "HS Device Type Support" > - depends on OMAP54XX || AM43XX || AM33XX > + depends on OMAP54XX || AM43XX || AM33XX || ARCH_KEYSTONE > help > If a high secure (HS) device type is being used, this config > must be set. This option impacts various aspects of the Acked-by: Dan Murphy <dmurphy@ti.com> -- ------------------ Dan Murphy ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 4/7] arm: omap-common: Reuse secure image name between OMAP and keystone 2016-08-26 6:30 ` [U-Boot] [PATCH 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas ` (2 preceding siblings ...) 2016-08-26 6:30 ` [U-Boot] [PATCH 3/7] arm: omap-common: Enable support for K2 HS devices in u-boot Madan Srinivas @ 2016-08-26 6:30 ` Madan Srinivas 2016-08-29 15:10 ` Andrew F. Davis 2016-08-26 6:30 ` [U-Boot] [PATCH 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 Madan Srinivas ` (2 subsequent siblings) 6 siblings, 1 reply; 36+ messages in thread From: Madan Srinivas @ 2016-08-26 6:30 UTC (permalink / raw) To: u-boot As K2 can directly boot u-boot, re-use u-boot_HS_XIP_X-LOADER as the secure image while booting secure K2 devices. Updates the comments in the file to reflect this. Signed-off-by: Madan Srinivas <madans@ti.com> --- arch/arm/cpu/armv7/omap-common/config_secure.mk | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/arm/cpu/armv7/omap-common/config_secure.mk b/arch/arm/cpu/armv7/omap-common/config_secure.mk index 1122439..ae5e8de 100644 --- a/arch/arm/cpu/armv7/omap-common/config_secure.mk +++ b/arch/arm/cpu/armv7/omap-common/config_secure.mk @@ -78,7 +78,9 @@ u-boot-spl_HS_SPI_X-LOADER: $(obj)/u-boot-spl.bin # For supporting single stage XiP QSPI on AM43xx, the image is a full u-boot # file, not an SPL. In this case the mkomapsecimg command looks for a -# u-boot-HS_* prefix +# u-boot-HS_* prefix. Keystone devices also support a single stage boot +# so this image can be used for booting from all media on keystone +# secure devices u-boot_HS_XIP_X-LOADER: $(obj)/u-boot.bin $(call if_changed,mkomapsecimg) -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 4/7] arm: omap-common: Reuse secure image name between OMAP and keystone 2016-08-26 6:30 ` [U-Boot] [PATCH 4/7] arm: omap-common: Reuse secure image name between OMAP and keystone Madan Srinivas @ 2016-08-29 15:10 ` Andrew F. Davis 0 siblings, 0 replies; 36+ messages in thread From: Andrew F. Davis @ 2016-08-29 15:10 UTC (permalink / raw) To: u-boot On 08/26/2016 01:30 AM, Madan Srinivas wrote: > As K2 can directly boot u-boot, re-use u-boot_HS_XIP_X-LOADER > as the secure image while booting secure K2 devices. Updates the > comments in the file to reflect this. > > Signed-off-by: Madan Srinivas <madans@ti.com> > --- > > arch/arm/cpu/armv7/omap-common/config_secure.mk | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/arm/cpu/armv7/omap-common/config_secure.mk b/arch/arm/cpu/armv7/omap-common/config_secure.mk > index 1122439..ae5e8de 100644 > --- a/arch/arm/cpu/armv7/omap-common/config_secure.mk > +++ b/arch/arm/cpu/armv7/omap-common/config_secure.mk > @@ -78,7 +78,9 @@ u-boot-spl_HS_SPI_X-LOADER: $(obj)/u-boot-spl.bin > > # For supporting single stage XiP QSPI on AM43xx, the image is a full u-boot If we are re-using this name for as the various mode image for K2, then this above line is wrong, and much of the XIP* info in this file is then wrong. I think it would make more sense to just go ahead and add a new target for this, u-boot_HS_MLO perhaps, as the "MLO" target is already used for K2 as the general boot media target. > # file, not an SPL. In this case the mkomapsecimg command looks for a > -# u-boot-HS_* prefix > +# u-boot-HS_* prefix. Keystone devices also support a single stage boot > +# so this image can be used for booting from all media on keystone > +# secure devices > u-boot_HS_XIP_X-LOADER: $(obj)/u-boot.bin > $(call if_changed,mkomapsecimg) > > ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 2016-08-26 6:30 ` [U-Boot] [PATCH 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas ` (3 preceding siblings ...) 2016-08-26 6:30 ` [U-Boot] [PATCH 4/7] arm: omap-common: Reuse secure image name between OMAP and keystone Madan Srinivas @ 2016-08-26 6:30 ` Madan Srinivas 2016-08-29 15:21 ` Andrew F. Davis 2016-08-26 6:30 ` [U-Boot] [PATCH 6/7] doc: Updates info on using keystone secure devices from TI Madan Srinivas 2016-08-26 6:30 ` [U-Boot] [PATCH 7/7] configs: Adds a defconfig for K2E High Security EVM Madan Srinivas 6 siblings, 1 reply; 36+ messages in thread From: Madan Srinivas @ 2016-08-26 6:30 UTC (permalink / raw) To: u-boot Adds an additional image type needed for supporting secure keystone devices. The build generates u-boot_HS_XIP_X-LOADER which can be used to boot from all media on secure keystone devices. Signed-off-by: Madan Srinivas <madans@ti.com> --- arch/arm/mach-keystone/config.mk | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm/mach-keystone/config.mk b/arch/arm/mach-keystone/config.mk index 9ae1e9a..565d718 100644 --- a/arch/arm/mach-keystone/config.mk +++ b/arch/arm/mach-keystone/config.mk @@ -5,9 +5,15 @@ # SPDX-License-Identifier: GPL-2.0+ # +include $(srctree)/$(CPUDIR)/omap-common/config_secure.mk + ifndef CONFIG_SPL_BUILD +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot_HS_XIP_X-LOADER +else ALL-y += MLO endif +endif MKIMAGEFLAGS_u-boot-spl.gph = -A $(ARCH) -T gpimage -C none \ -a $(CONFIG_SPL_TEXT_BASE) -e $(CONFIG_SPL_TEXT_BASE) -n SPL -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 2016-08-26 6:30 ` [U-Boot] [PATCH 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 Madan Srinivas @ 2016-08-29 15:21 ` Andrew F. Davis 0 siblings, 0 replies; 36+ messages in thread From: Andrew F. Davis @ 2016-08-29 15:21 UTC (permalink / raw) To: u-boot On 08/26/2016 01:30 AM, Madan Srinivas wrote: > Adds an additional image type needed for supporting secure keystone > devices. The build generates u-boot_HS_XIP_X-LOADER which can > be used to boot from all media on secure keystone devices. > > Signed-off-by: Madan Srinivas <madans@ti.com> > --- > > arch/arm/mach-keystone/config.mk | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/arm/mach-keystone/config.mk b/arch/arm/mach-keystone/config.mk > index 9ae1e9a..565d718 100644 > --- a/arch/arm/mach-keystone/config.mk > +++ b/arch/arm/mach-keystone/config.mk > @@ -5,9 +5,15 @@ > # SPDX-License-Identifier: GPL-2.0+ > # > > +include $(srctree)/$(CPUDIR)/omap-common/config_secure.mk > + > ifndef CONFIG_SPL_BUILD > +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) > +ALL-y += u-boot_HS_XIP_X-LOADER Same comment as before, u-boot_HS_MLO here would match the regular MLO target below. > +else > ALL-y += MLO > endif > +endif > > MKIMAGEFLAGS_u-boot-spl.gph = -A $(ARCH) -T gpimage -C none \ > -a $(CONFIG_SPL_TEXT_BASE) -e $(CONFIG_SPL_TEXT_BASE) -n SPL > ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 6/7] doc: Updates info on using keystone secure devices from TI 2016-08-26 6:30 ` [U-Boot] [PATCH 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas ` (4 preceding siblings ...) 2016-08-26 6:30 ` [U-Boot] [PATCH 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 Madan Srinivas @ 2016-08-26 6:30 ` Madan Srinivas 2016-08-26 6:30 ` [U-Boot] [PATCH 7/7] configs: Adds a defconfig for K2E High Security EVM Madan Srinivas 6 siblings, 0 replies; 36+ messages in thread From: Madan Srinivas @ 2016-08-26 6:30 UTC (permalink / raw) To: u-boot Add a section describing the secure boot image used on keystone secure devices. This patch applies on top of the patch doc: Update info on using AM33xx secure devices from TI submitted by Andrew Davis Signed-off-by: Madan Srinivas <madans@ti.com> --- doc/README.ti-secure | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/doc/README.ti-secure b/doc/README.ti-secure index 9b0fbf9..ffda69a 100644 --- a/doc/README.ti-secure +++ b/doc/README.ti-secure @@ -133,6 +133,26 @@ Booting of U-Boot SPL u-boot-spl_HS_X-LOADER - boot image for all other flash memories including QSPI and NOR flash + Invoking the script for Keystone Secure Devices + ============================================= + + create-boot-image.sh \ + <UNUSED> <INPUT_FILE> <OUTPUT_FILE> <UNUSED> + + <UNUSED> is currently ignored and reserved for future use. + + <INPUT_FILE> is the full path and filename of the public world boot + loader binary file (only u-boot.bin is currently supported on + keystone devices, u-boot-spl.bin is not currently supported). + + <OUTPUT_FILE> is the full path and filename of the final secure + image. The output binary images should be used in place of the standard + non-secure binary images (see the platform-specific user's guides and + releases notes for how the non-secure images are typically used) + u-boot_HS_XIP_X-LOADER - signed and encrypted boot image that can + be used to boot from all media. Secure boot from SPI NOR + flash is not currently supported. + Booting of Primary U-Boot (u-boot.img) ====================================== -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 7/7] configs: Adds a defconfig for K2E High Security EVM 2016-08-26 6:30 ` [U-Boot] [PATCH 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas ` (5 preceding siblings ...) 2016-08-26 6:30 ` [U-Boot] [PATCH 6/7] doc: Updates info on using keystone secure devices from TI Madan Srinivas @ 2016-08-26 6:30 ` Madan Srinivas 2016-08-29 15:28 ` Andrew F. Davis 6 siblings, 1 reply; 36+ messages in thread From: Madan Srinivas @ 2016-08-26 6:30 UTC (permalink / raw) To: u-boot From: Vitaly Andrianov <vitalya@ti.com> Add a new defconfig file for the K2E High Security EVM. This defconfig is the same as for the non-secure part, except for: CONFIG_TI_SECURE_DEVICE option set to 'y' CONFIG_FIT option set to 'y' CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y' Enables the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI K2E high-security (HS) devices which will ultimately invokes TI proprietary secure functions that performs secure processing such as blob authentication and decryption. Signed-off-by: Vitaly Andrianov <vitalya@ti.com> Signed-off-by: Madan Srinivas <madans@ti.com> --- configs/k2e_hs_evm_defconfig | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 configs/k2e_hs_evm_defconfig diff --git a/configs/k2e_hs_evm_defconfig b/configs/k2e_hs_evm_defconfig new file mode 100644 index 0000000..ec0542d --- /dev/null +++ b/configs/k2e_hs_evm_defconfig @@ -0,0 +1,44 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_TARGET_K2E_EVM=y +CONFIG_DM_SERIAL=y +CONFIG_DEFAULT_DEVICE_TREE="k2e-evm" +CONFIG_SPL=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_HUSH_PARSER=y +CONFIG_SYS_PROMPT="K2E EVM # " +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_DM_ETH=y +CONFIG_SYS_NS16550=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_LIB_RAND=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_FIT=y +CONFIG_FIT_IMAGE_POST_PROCESS=y -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH 7/7] configs: Adds a defconfig for K2E High Security EVM 2016-08-26 6:30 ` [U-Boot] [PATCH 7/7] configs: Adds a defconfig for K2E High Security EVM Madan Srinivas @ 2016-08-29 15:28 ` Andrew F. Davis 0 siblings, 0 replies; 36+ messages in thread From: Andrew F. Davis @ 2016-08-29 15:28 UTC (permalink / raw) To: u-boot On 08/26/2016 01:30 AM, Madan Srinivas wrote: > From: Vitaly Andrianov <vitalya@ti.com> > > Add a new defconfig file for the K2E High Security EVM. > > This defconfig is the same as for the non-secure part, except for: > CONFIG_TI_SECURE_DEVICE option set to 'y' > CONFIG_FIT option set to 'y' > CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y' > > Enables the platform-specific post-processing of FIT-extracted blobs such > as Kernel, DTB, and initramfs on TI K2E high-security (HS) devices > which will ultimately invokes TI proprietary secure functions > that performs secure processing such as blob authentication and > decryption. > > Signed-off-by: Vitaly Andrianov <vitalya@ti.com> > Signed-off-by: Madan Srinivas <madans@ti.com> > --- > > configs/k2e_hs_evm_defconfig | 44 ++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 44 insertions(+) > create mode 100644 configs/k2e_hs_evm_defconfig > > diff --git a/configs/k2e_hs_evm_defconfig b/configs/k2e_hs_evm_defconfig > new file mode 100644 > index 0000000..ec0542d > --- /dev/null > +++ b/configs/k2e_hs_evm_defconfig > @@ -0,0 +1,44 @@ > +CONFIG_ARM=y > +CONFIG_ARCH_KEYSTONE=y > +CONFIG_TARGET_K2E_EVM=y > +CONFIG_DM_SERIAL=y > +CONFIG_DEFAULT_DEVICE_TREE="k2e-evm" > +CONFIG_SPL=y > +CONFIG_OF_BOARD_SETUP=y > +CONFIG_HUSH_PARSER=y > +CONFIG_SYS_PROMPT="K2E EVM # " > +CONFIG_CMD_BOOTZ=y > +# CONFIG_CMD_IMLS is not set > +CONFIG_CMD_ASKENV=y > +# CONFIG_CMD_FLASH is not set > +CONFIG_CMD_NAND=y > +CONFIG_CMD_SF=y > +CONFIG_CMD_SPI=y > +CONFIG_CMD_I2C=y > +CONFIG_CMD_USB=y > +# CONFIG_CMD_SETEXPR is not set > +CONFIG_CMD_DHCP=y > +CONFIG_CMD_MII=y > +CONFIG_CMD_PING=y > +CONFIG_CMD_EXT2=y > +CONFIG_CMD_EXT4=y > +CONFIG_CMD_EXT4_WRITE=y > +CONFIG_CMD_FAT=y > +CONFIG_CMD_FS_GENERIC=y > +CONFIG_OF_CONTROL=y > +CONFIG_DM=y > +CONFIG_TI_AEMIF=y > +CONFIG_DM_SPI=y > +CONFIG_DM_SPI_FLASH=y > +CONFIG_SPI_FLASH=y > +CONFIG_SPI_FLASH_STMICRO=y > +CONFIG_DM_ETH=y > +CONFIG_SYS_NS16550=y > +CONFIG_USB=y > +CONFIG_USB_XHCI_HCD=y > +CONFIG_USB_XHCI_DWC3=y > +CONFIG_LIB_RAND=y > +CONFIG_NET_RANDOM_ETHADDR=y > +CONFIG_TI_SECURE_DEVICE=y > +CONFIG_FIT=y > +CONFIG_FIT_IMAGE_POST_PROCESS=y > Although it makes it more clear when adding new options to add them to the end, when someone regenerates this defconfig with savedefconfig or similar tools, these options will get moved up into their natural order, causing more delta to their patches than necessary. This should be regenerated (make k2e_hs_evm_defconfig; make savedefconfig; cp defconfig configs/k2e_hs_evm_defconfig). ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) @ 2016-09-01 5:04 ` Madan Srinivas 2016-09-01 5:04 ` [U-Boot] [PATCH v2 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas ` (7 more replies) 0 siblings, 8 replies; 36+ messages in thread From: Madan Srinivas @ 2016-09-01 5:04 UTC (permalink / raw) To: u-boot This series adds support for secure keystone family of devices, more specifically for K2E (Edison).This work is similar to what has already been done for the AM43xx and AM57xx SoCs and leverages much of the infrastructure from them. The big difference here is the ROM on keystone2 devices does not provide any APIs for image authentication. Rather, the image authentication and decryption routines and other security functions are provided by software and can run on the ARM in Trustzone as well as on secure DSPs. A component known as the boot monitor acts as they gateway to this secure processing, and abstracts out the details from the public world. Unlike OMAP class devices, where u-boot calls ROM APIs, u-boot calls into the boot- monitor on keystone devices. Other than this difference, most of the secure framework for AMxx and DRAxx devices have been re-used. Couple of other points to note :- -Support for SPL on secure keystone devices is still TBD, so boot from SPI flash, which needs SPL, is not supported currently on K2 devices. -A single image will work across all other boot media for secure K2 devices. Changes in v2: - Corrects typo in commit message for PATCH 1/7 in this series - The following changes are made to mon.c based on review comments Adds NULL pointer check before calling authentication interface Removes an unnecessary printf Updates size of signed FIT blob after post processing removes header - Adds a new name for the signed output image in config_secure.mk to keep it in line with the image name used by non-secure keystone devices. - Changes the target for secure keystone devices in config.mk to u-boot_HS_MLO to keep it in line with the MLO target that is built for non-secure keystone devices. - Updates k2e_hs_evm_defconfig to reduce the delta seen if one regenerates it using savedefconfig or similar tools. Madan Srinivas (4): include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS arm: omap-common: adds secure image name common to OMAP and keystone arm: mach-keystone: config.mk: Adds support for secure images on K2 doc: Updates info on using keystone secure devices from TI Vitaly Andrianov (3): arm: mach-keystone: Implements FIT post-processing call for keystone SoCs arm: omap-common: Enable support for K2 HS devices in u-boot configs: Adds a defconfig for K2E High Security EVM arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- arch/arm/cpu/armv7/omap-common/config_secure.mk | 6 +++ arch/arm/mach-keystone/config.mk | 6 +++ arch/arm/mach-keystone/mon.c | 55 +++++++++++++++++++++++++ configs/k2e_hs_evm_defconfig | 43 +++++++++++++++++++ doc/README.ti-secure | 20 +++++++++ include/image.h | 3 +- 7 files changed, 133 insertions(+), 2 deletions(-) create mode 100644 configs/k2e_hs_evm_defconfig -- 2.7.4 ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS 2016-09-01 5:04 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas @ 2016-09-01 5:04 ` Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-06 13:34 ` Tom Rini 2016-09-01 5:04 ` [U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs Madan Srinivas ` (6 subsequent siblings) 7 siblings, 2 replies; 36+ messages in thread From: Madan Srinivas @ 2016-09-01 5:04 UTC (permalink / raw) To: u-boot The function board_fit_image_post_process is defined only when the config CONFIG_FIT_IMAGE_POST_PROCESS is enabled. For secure systems that do not use SPL but use FIT kernel images, only CONFIG_FIT_IMAGE_POST_PROCESS will be defined, which will result in an implicit declaration of function 'board_fit_image_post_process' warning while building u-boot. This patch fixes this warning. Signed-off-by: Madan Srinivas <madans@ti.com> Acked-by: Andrew F. Davis <afd@ti.com> Cc: Andrew F. Davis <afd@ti.com> --- Changes in v2: - Corrects typo in commit message for PATCH 1/7 in this series include/image.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/image.h b/include/image.h index 64da722..6884421 100644 --- a/include/image.h +++ b/include/image.h @@ -1245,7 +1245,8 @@ void android_print_contents(const struct andr_img_hdr *hdr); */ int board_fit_config_name_match(const char *name); -#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS +#if defined(CONFIG_SPL_FIT_IMAGE_POST_PROCESS) || \ + defined(CONFIG_FIT_IMAGE_POST_PROCESS) /** * board_fit_image_post_process() - Do any post-process on FIT binary data * -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS 2016-09-01 5:04 ` [U-Boot] [PATCH v2 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas @ 2016-09-06 13:34 ` Tom Rini 2016-09-06 13:34 ` Tom Rini 1 sibling, 0 replies; 36+ messages in thread From: Tom Rini @ 2016-09-06 13:34 UTC (permalink / raw) To: u-boot On Thu, Sep 01, 2016 at 01:04:36AM -0400, Madan Srinivas wrote: > The function board_fit_image_post_process is defined only when the config > CONFIG_FIT_IMAGE_POST_PROCESS is enabled. For secure systems that do not > use SPL but use FIT kernel images, only CONFIG_FIT_IMAGE_POST_PROCESS will > be defined, which will result in an implicit declaration of function > 'board_fit_image_post_process' warning while building u-boot. This > patch fixes this warning. > > Signed-off-by: Madan Srinivas <madans@ti.com> > Acked-by: Andrew F. Davis <afd@ti.com> > > Cc: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160906/0c055ee8/attachment.sig> ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS 2016-09-01 5:04 ` [U-Boot] [PATCH v2 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas 2016-09-06 13:34 ` Tom Rini @ 2016-09-06 13:34 ` Tom Rini 1 sibling, 0 replies; 36+ messages in thread From: Tom Rini @ 2016-09-06 13:34 UTC (permalink / raw) To: u-boot On Thu, Sep 01, 2016 at 01:04:36AM -0400, Madan Srinivas wrote: > The function board_fit_image_post_process is defined only when the config > CONFIG_FIT_IMAGE_POST_PROCESS is enabled. For secure systems that do not > use SPL but use FIT kernel images, only CONFIG_FIT_IMAGE_POST_PROCESS will > be defined, which will result in an implicit declaration of function > 'board_fit_image_post_process' warning while building u-boot. This > patch fixes this warning. > > Signed-off-by: Madan Srinivas <madans@ti.com> > Acked-by: Andrew F. Davis <afd@ti.com> > > Cc: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160906/3f89dabb/attachment.sig> ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs 2016-09-01 5:04 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas 2016-09-01 5:04 ` [U-Boot] [PATCH v2 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas @ 2016-09-01 5:04 ` Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-01 5:04 ` [U-Boot] [PATCH v2 3/7] arm: omap-common: adds secure image name common to OMAP and keystone Madan Srinivas ` (5 subsequent siblings) 7 siblings, 1 reply; 36+ messages in thread From: Madan Srinivas @ 2016-09-01 5:04 UTC (permalink / raw) To: u-boot From: Vitaly Andrianov <vitalya@ti.com> This commit implements the board_fit_image_post_process() function for the keystone architecture. Unlike OMAP class devices, security functions in keystone are not handled in the ROM. The interface to the secure functions is TI proprietary and depending on the keystone platform, the security functions like encryption, decryption and authentication might even be offloaded to other secure processing elements in the SoC. The boot monitor acts as the gateway to these secure functions and the boot monitor for secure devices is available as part of the SECDEV package for KS2. For more details refer doc/README.ti-secure Signed-off-by: Vitaly Andrianov <vitalya@ti.com> Signed-off-by: Madan Srinivas <madans@ti.com> Cc: Lokesh Vutla <lokeshvutla@ti.com> Cc: Dan Murphy <dmurphy@ti.com> --- Changes in v2: - The following changes are made to mon.c based on review comments Adds NULL pointer check before calling authentication interface Removes an unnecessary printf Updates size of signed FIT blob after post processing removes header arch/arm/mach-keystone/mon.c | 55 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c index 256f630..6b79077 100644 --- a/arch/arm/mach-keystone/mon.c +++ b/arch/arm/mach-keystone/mon.c @@ -12,10 +12,31 @@ #include <mach/mon.h> asm(".arch_extension sec\n\t"); +#ifdef CONFIG_TI_SECURE_DEVICE +#define KS2_HS_AUTH_FN_OFFSET 8 +#define KS2_HS_SEC_HEADER_LEN 0x60 +#define KS2_AUTH_CMD "2" +/** + * (*fn_auth)() - Invokes security functions using a + * proprietary TI interface. This binary and source for + * this is available in the secure development package or + * SECDEV. For details on how to access this please refer + * doc/README.ti-secure + * + * @first param: no. of parameters + * @second param: parameter list + * @return non-zero value on success, zero on error + */ +static unsigned int (*fn_auth)(int, char * const []); +#endif + int mon_install(u32 addr, u32 dpsc, u32 freq) { int result; +#ifdef CONFIG_TI_SECURE_DEVICE + fn_auth = (void *)(addr + KS2_HS_AUTH_FN_OFFSET); +#endif __asm__ __volatile__ ( "stmfd r13!, {lr}\n" "mov r0, %1\n" @@ -61,3 +82,37 @@ int mon_power_off(int core_id) : "cc", "r0", "r1", "memory"); return result; } + +#ifdef CONFIG_TI_SECURE_DEVICE +static void k2_hs_auth(void *addr) +{ + char *argv1 = KS2_AUTH_CMD; + char argv2[32]; + char *argv[3] = {NULL, argv1, argv2}; + int ret = 0; + + sprintf(argv2, "0x%08x", (u32)addr); + + if (fn_auth) + ret = fn_auth(3, argv); + + if (ret == 0) + hang(); +} + +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + void *dst = *p_image; + void *src = dst + KS2_HS_SEC_HEADER_LEN; + + k2_hs_auth(*p_image); + + /* + * Overwrite the image headers after authentication + * and decryption. Update size to relect removal + * of header. + */ + *p_size -= KS2_HS_SEC_HEADER_LEN; + memcpy(dst, src, *p_size); +} +#endif -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs 2016-09-01 5:04 ` [U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs Madan Srinivas @ 2016-09-06 13:34 ` Tom Rini 2016-09-08 15:29 ` Srinivas, Madan 0 siblings, 1 reply; 36+ messages in thread From: Tom Rini @ 2016-09-06 13:34 UTC (permalink / raw) To: u-boot On Thu, Sep 01, 2016 at 01:04:37AM -0400, Madan Srinivas wrote: > From: Vitaly Andrianov <vitalya@ti.com> > > This commit implements the board_fit_image_post_process() function for > the keystone architecture. Unlike OMAP class devices, security > functions in keystone are not handled in the ROM. > The interface to the secure functions is TI proprietary and depending > on the keystone platform, the security functions like encryption, > decryption and authentication might even be offloaded to other secure > processing elements in the SoC. > The boot monitor acts as the gateway to these secure functions and the > boot monitor for secure devices is available as part of the SECDEV > package for KS2. For more details refer doc/README.ti-secure > > Signed-off-by: Vitaly Andrianov <vitalya@ti.com> > Signed-off-by: Madan Srinivas <madans@ti.com> > > Cc: Lokesh Vutla <lokeshvutla@ti.com> > Cc: Dan Murphy <dmurphy@ti.com> First, what is done to ensure that the magic blob we're offloading to isn't malicious? Second, this appears to be missing cache flushes that're done in arch/arm/cpu/armv7/omap-common/sec-common.c and, well, why can't we re-use the existing code? Given how rarely IP blocks are written from scratch rather than being an evolution of a previous block I can't imagine that we can't make the code there be re-used nor that we don't need / couldn't use the flushing and alignment checks nor status messages. Thanks! -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160906/51e8e8f6/attachment.sig> ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs 2016-09-06 13:34 ` Tom Rini @ 2016-09-08 15:29 ` Srinivas, Madan 0 siblings, 0 replies; 36+ messages in thread From: Srinivas, Madan @ 2016-09-08 15:29 UTC (permalink / raw) To: u-boot On 9/6/2016 9:34 AM, Tom Rini wrote: > On Thu, Sep 01, 2016 at 01:04:37AM -0400, Madan Srinivas wrote: > >> From: Vitaly Andrianov <vitalya@ti.com> >> >> This commit implements the board_fit_image_post_process() function for >> the keystone architecture. Unlike OMAP class devices, security >> functions in keystone are not handled in the ROM. >> The interface to the secure functions is TI proprietary and depending >> on the keystone platform, the security functions like encryption, >> decryption and authentication might even be offloaded to other secure >> processing elements in the SoC. >> The boot monitor acts as the gateway to these secure functions and the >> boot monitor for secure devices is available as part of the SECDEV >> package for KS2. For more details refer doc/README.ti-secure >> >> Signed-off-by: Vitaly Andrianov <vitalya@ti.com> >> Signed-off-by: Madan Srinivas <madans@ti.com> >> >> Cc: Lokesh Vutla <lokeshvutla@ti.com> >> Cc: Dan Murphy <dmurphy@ti.com> > > First, what is done to ensure that the magic blob we're offloading to > isn't malicious? The magic blob is signed and authenticated as part of the boot flow to ensure that it is not malicious. > Second, this appears to be missing cache flushes > that're done in arch/arm/cpu/armv7/omap-common/sec-common.c and, well, > why can't we re-use the existing code? Given how rarely IP blocks are > written from scratch rather than being an evolution of a previous block Valid point Tom, but this case is the exception to that rule - the Keystone and the OMAP ROMs were developed independently, the keystone ROMs were based on DSP ROMs, not on OMAP, and therefore the code omap-common/in sec-common.c cannot be reused at all for keystone - the calling conventions, parameters APIs are all different. > I can't imagine that we can't make the code there be re-used nor that we > don't need / couldn't use the flushing and alignment checks nor status > messages. Thanks! > Unlike OMAP, in keystone2 for eg, the authentication is also done by DSP, so the code in sec-common.c cannot be reused at all. Even if K2 ROM APIs are used, the calling conventions are different. Also, unlike OMAP, the boot monitor has a secure and non-secure component (everything gets authenticated). Again in OMAP the authentication is always done using only ROM APIs, whereas in keystone the authentication and decryption can be done using ROM, Secure ARM libraries or Secure DSP libraries. Using the current scheme, this can be achieved simply by selecting a different boot monitor binary to include in the signing step, the same u-boot binary will work for all three authentication schemes. Regards, Madan ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 3/7] arm: omap-common: adds secure image name common to OMAP and keystone 2016-09-01 5:04 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas 2016-09-01 5:04 ` [U-Boot] [PATCH v2 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas 2016-09-01 5:04 ` [U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs Madan Srinivas @ 2016-09-01 5:04 ` Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-01 5:04 ` [U-Boot] [PATCH v2 4/7] arm: omap-common: Enable support for K2 HS devices in u-boot Madan Srinivas ` (4 subsequent siblings) 7 siblings, 1 reply; 36+ messages in thread From: Madan Srinivas @ 2016-09-01 5:04 UTC (permalink / raw) To: u-boot As K2 can directly boot u-boot, add u-boot_HS_MLO as the secure image while booting secure K2 devicesr, for all boot modes other than SPI flash. Signed-off-by: Madan Srinivas <madans@ti.com> --- Changes in v2: - Adds a new name for the signed output image in config_secure.mk to keep it in line with the image name used by non-secure keystone devices. arch/arm/cpu/armv7/omap-common/config_secure.mk | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm/cpu/armv7/omap-common/config_secure.mk b/arch/arm/cpu/armv7/omap-common/config_secure.mk index 1122439..0ece3f8 100644 --- a/arch/arm/cpu/armv7/omap-common/config_secure.mk +++ b/arch/arm/cpu/armv7/omap-common/config_secure.mk @@ -76,6 +76,12 @@ u-boot-spl_HS_ISSW: $(obj)/u-boot-spl.bin u-boot-spl_HS_SPI_X-LOADER: $(obj)/u-boot-spl.bin $(call if_changed,mkomapsecimg) +# For supporting single stage boot on keystone, the image is a full u-boot +# file, not an SPL. This will work for all boot devices, other than SPI +# flash +u-boot_HS_MLO: $(obj)/u-boot.bin + $(call if_changed,mkomapsecimg) + # For supporting single stage XiP QSPI on AM43xx, the image is a full u-boot # file, not an SPL. In this case the mkomapsecimg command looks for a # u-boot-HS_* prefix -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 3/7] arm: omap-common: adds secure image name common to OMAP and keystone 2016-09-01 5:04 ` [U-Boot] [PATCH v2 3/7] arm: omap-common: adds secure image name common to OMAP and keystone Madan Srinivas @ 2016-09-06 13:34 ` Tom Rini 0 siblings, 0 replies; 36+ messages in thread From: Tom Rini @ 2016-09-06 13:34 UTC (permalink / raw) To: u-boot On Thu, Sep 01, 2016 at 01:04:38AM -0400, Madan Srinivas wrote: > As K2 can directly boot u-boot, add u-boot_HS_MLO as the > secure image while booting secure K2 devicesr, for all > boot modes other than SPI flash. > > Signed-off-by: Madan Srinivas <madans@ti.com> > Reviewed-by: Tom Rini <trini@konsulko.com> -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160906/8da205df/attachment.sig> ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 4/7] arm: omap-common: Enable support for K2 HS devices in u-boot 2016-09-01 5:04 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas ` (2 preceding siblings ...) 2016-09-01 5:04 ` [U-Boot] [PATCH v2 3/7] arm: omap-common: adds secure image name common to OMAP and keystone Madan Srinivas @ 2016-09-01 5:04 ` Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-01 5:04 ` [U-Boot] [PATCH v2 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 Madan Srinivas ` (3 subsequent siblings) 7 siblings, 1 reply; 36+ messages in thread From: Madan Srinivas @ 2016-09-01 5:04 UTC (permalink / raw) To: u-boot From: Vitaly Andrianov <vitalya@ti.com> Like the OMAP54xx, AM43xx & AM33xx family SoCs, the keystone family of SoCs also have high security enabled models. Allow K2E devices to be built with HS Device Type Support. This patch applies on top of the patch ti: omap-common: Allow AM33xx devices to be built securely submitted by Andrew Davis Signed-off-by: Vitaly Andrianov <vitalya@ti.com> Signed-off-by: Madan Srinivas <madans@ti.com> Acked-by: Andrew F. Davis <afd@ti.com> --- Changes in v2: None arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/cpu/armv7/omap-common/Kconfig b/arch/arm/cpu/armv7/omap-common/Kconfig index 4daccd9..91d6b2c 100644 --- a/arch/arm/cpu/armv7/omap-common/Kconfig +++ b/arch/arm/cpu/armv7/omap-common/Kconfig @@ -1,6 +1,6 @@ config TI_SECURE_DEVICE bool "HS Device Type Support" - depends on OMAP54XX || AM43XX || AM33XX + depends on OMAP54XX || AM43XX || AM33XX || ARCH_KEYSTONE help If a high secure (HS) device type is being used, this config must be set. This option impacts various aspects of the -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 4/7] arm: omap-common: Enable support for K2 HS devices in u-boot 2016-09-01 5:04 ` [U-Boot] [PATCH v2 4/7] arm: omap-common: Enable support for K2 HS devices in u-boot Madan Srinivas @ 2016-09-06 13:34 ` Tom Rini 0 siblings, 0 replies; 36+ messages in thread From: Tom Rini @ 2016-09-06 13:34 UTC (permalink / raw) To: u-boot On Thu, Sep 01, 2016 at 01:04:39AM -0400, Madan Srinivas wrote: > From: Vitaly Andrianov <vitalya@ti.com> > > Like the OMAP54xx, AM43xx & AM33xx family SoCs, the keystone family > of SoCs also have high security enabled models. Allow K2E devices to > be built with HS Device Type Support. > > This patch applies on top of the patch > ti: omap-common: Allow AM33xx devices to be built securely > submitted by Andrew Davis > > Signed-off-by: Vitaly Andrianov <vitalya@ti.com> > Signed-off-by: Madan Srinivas <madans@ti.com> > Acked-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160906/8b770e8e/attachment.sig> ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 2016-09-01 5:04 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas ` (3 preceding siblings ...) 2016-09-01 5:04 ` [U-Boot] [PATCH v2 4/7] arm: omap-common: Enable support for K2 HS devices in u-boot Madan Srinivas @ 2016-09-01 5:04 ` Madan Srinivas 2016-09-02 14:35 ` Andrew F. Davis 2016-09-01 5:04 ` [U-Boot] [PATCH v2 6/7] doc: Updates info on using keystone secure devices from TI Madan Srinivas ` (2 subsequent siblings) 7 siblings, 1 reply; 36+ messages in thread From: Madan Srinivas @ 2016-09-01 5:04 UTC (permalink / raw) To: u-boot Adds an additional image type needed for supporting secure keystone devices. The build generates u-boot_HS_XIP_X-LOADER which can be used to boot from all media on secure keystone devices. Signed-off-by: Madan Srinivas <madans@ti.com> Cc: Andrew F. Davis <afd@ti.com> --- Changes in v2: - Changes the target for secure keystone devices in config.mk to u-boot_HS_MLO to keep it in line with the MLO target that is built for non-secure keystone devices. arch/arm/mach-keystone/config.mk | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm/mach-keystone/config.mk b/arch/arm/mach-keystone/config.mk index 9ae1e9a..32fef42 100644 --- a/arch/arm/mach-keystone/config.mk +++ b/arch/arm/mach-keystone/config.mk @@ -5,9 +5,15 @@ # SPDX-License-Identifier: GPL-2.0+ # +include $(srctree)/$(CPUDIR)/omap-common/config_secure.mk + ifndef CONFIG_SPL_BUILD +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) +ALL-y += u-boot_HS_MLO +else ALL-y += MLO endif +endif MKIMAGEFLAGS_u-boot-spl.gph = -A $(ARCH) -T gpimage -C none \ -a $(CONFIG_SPL_TEXT_BASE) -e $(CONFIG_SPL_TEXT_BASE) -n SPL -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 2016-09-01 5:04 ` [U-Boot] [PATCH v2 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 Madan Srinivas @ 2016-09-02 14:35 ` Andrew F. Davis 0 siblings, 0 replies; 36+ messages in thread From: Andrew F. Davis @ 2016-09-02 14:35 UTC (permalink / raw) To: u-boot On 09/01/2016 12:04 AM, Madan Srinivas wrote: > Adds an additional image type needed for supporting secure keystone > devices. The build generates u-boot_HS_XIP_X-LOADER which can > be used to boot from all media on secure keystone devices. > > Signed-off-by: Madan Srinivas <madans@ti.com> > > Cc: Andrew F. Davis <afd@ti.com> > --- > > Changes in v2: > - Changes the target for secure keystone devices in config.mk > to u-boot_HS_MLO to keep it in line with the MLO target that > is built for non-secure keystone devices. > The commit message is wrong now, it still calls it XIP_X-LOADER. > arch/arm/mach-keystone/config.mk | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/arm/mach-keystone/config.mk b/arch/arm/mach-keystone/config.mk > index 9ae1e9a..32fef42 100644 > --- a/arch/arm/mach-keystone/config.mk > +++ b/arch/arm/mach-keystone/config.mk > @@ -5,9 +5,15 @@ > # SPDX-License-Identifier: GPL-2.0+ > # > > +include $(srctree)/$(CPUDIR)/omap-common/config_secure.mk > + > ifndef CONFIG_SPL_BUILD > +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) > +ALL-y += u-boot_HS_MLO > +else > ALL-y += MLO > endif > +endif > > MKIMAGEFLAGS_u-boot-spl.gph = -A $(ARCH) -T gpimage -C none \ > -a $(CONFIG_SPL_TEXT_BASE) -e $(CONFIG_SPL_TEXT_BASE) -n SPL > ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 6/7] doc: Updates info on using keystone secure devices from TI 2016-09-01 5:04 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas ` (4 preceding siblings ...) 2016-09-01 5:04 ` [U-Boot] [PATCH v2 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 Madan Srinivas @ 2016-09-01 5:04 ` Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-01 5:04 ` [U-Boot] [PATCH v2 7/7] configs: Adds a defconfig for K2E High Security EVM Madan Srinivas 2016-09-02 4:25 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Lokesh Vutla 7 siblings, 1 reply; 36+ messages in thread From: Madan Srinivas @ 2016-09-01 5:04 UTC (permalink / raw) To: u-boot Add a section describing the secure boot image used on keystone secure devices. This patch applies on top of the patch doc: Update info on using AM33xx secure devices from TI submitted by Andrew Davis Signed-off-by: Madan Srinivas <madans@ti.com> --- Changes in v2: - Updates the secure keystone image name to u-boot_HS_MLO in README.ti-secure to match with the changes made to config.mk in this series version. doc/README.ti-secure | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/doc/README.ti-secure b/doc/README.ti-secure index 9b0fbf9..84c7206 100644 --- a/doc/README.ti-secure +++ b/doc/README.ti-secure @@ -133,6 +133,26 @@ Booting of U-Boot SPL u-boot-spl_HS_X-LOADER - boot image for all other flash memories including QSPI and NOR flash + Invoking the script for Keystone Secure Devices + ============================================= + + create-boot-image.sh \ + <UNUSED> <INPUT_FILE> <OUTPUT_FILE> <UNUSED> + + <UNUSED> is currently ignored and reserved for future use. + + <INPUT_FILE> is the full path and filename of the public world boot + loader binary file (only u-boot.bin is currently supported on + keystone devices, u-boot-spl.bin is not currently supported). + + <OUTPUT_FILE> is the full path and filename of the final secure + image. The output binary images should be used in place of the standard + non-secure binary images (see the platform-specific user's guides and + releases notes for how the non-secure images are typically used) + u-boot_HS_MLO - signed and encrypted boot image that can + be used to boot from all media. Secure boot from SPI NOR + flash is not currently supported. + Booting of Primary U-Boot (u-boot.img) ====================================== -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 6/7] doc: Updates info on using keystone secure devices from TI 2016-09-01 5:04 ` [U-Boot] [PATCH v2 6/7] doc: Updates info on using keystone secure devices from TI Madan Srinivas @ 2016-09-06 13:34 ` Tom Rini 0 siblings, 0 replies; 36+ messages in thread From: Tom Rini @ 2016-09-06 13:34 UTC (permalink / raw) To: u-boot On Thu, Sep 01, 2016 at 01:04:41AM -0400, Madan Srinivas wrote: > Add a section describing the secure boot image used on > keystone secure devices. > > This patch applies on top of the patch > doc: Update info on using AM33xx secure devices from TI > submitted by Andrew Davis > > Signed-off-by: Madan Srinivas <madans@ti.com> > Reviewed-by: Tom Rini <trini@konsulko.com> -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160906/38d75b3a/attachment.sig> ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 7/7] configs: Adds a defconfig for K2E High Security EVM 2016-09-01 5:04 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas ` (5 preceding siblings ...) 2016-09-01 5:04 ` [U-Boot] [PATCH v2 6/7] doc: Updates info on using keystone secure devices from TI Madan Srinivas @ 2016-09-01 5:04 ` Madan Srinivas 2016-09-02 4:25 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Lokesh Vutla 7 siblings, 0 replies; 36+ messages in thread From: Madan Srinivas @ 2016-09-01 5:04 UTC (permalink / raw) To: u-boot From: Vitaly Andrianov <vitalya@ti.com> Add a new defconfig file for the K2E High Security EVM. This defconfig is the same as for the non-secure part, except for: CONFIG_TI_SECURE_DEVICE option set to 'y' CONFIG_FIT option set to 'y' CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y' Enables the platform-specific post-processing of FIT-extracted blobs such as Kernel, DTB, and initramfs on TI K2E high-security (HS) devices which will ultimately invokes TI proprietary secure functions that performs secure processing such as blob authentication and decryption. Signed-off-by: Vitaly Andrianov <vitalya@ti.com> Signed-off-by: Madan Srinivas <madans@ti.com> Cc: Andrew F. Davis <afd@ti.com> --- Changes in v2: - Updates k2e_hs_evm_defconfig to reduce the delta seen if one regenerates it using savedefconfig or similar tools. configs/k2e_hs_evm_defconfig | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 configs/k2e_hs_evm_defconfig diff --git a/configs/k2e_hs_evm_defconfig b/configs/k2e_hs_evm_defconfig new file mode 100644 index 0000000..fc8f22a --- /dev/null +++ b/configs/k2e_hs_evm_defconfig @@ -0,0 +1,43 @@ +CONFIG_ARM=y +CONFIG_ARCH_KEYSTONE=y +CONFIG_TARGET_K2E_EVM=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_DM_SERIAL=y +CONFIG_DEFAULT_DEVICE_TREE="k2e-evm" +CONFIG_SPL=y +CONFIG_FIT=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_HUSH_PARSER=y +CONFIG_SYS_PROMPT="K2E EVM # " +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_TI_AEMIF=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_DM_ETH=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y -- 2.7.4 ^ permalink raw reply related [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) 2016-09-01 5:04 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas ` (6 preceding siblings ...) 2016-09-01 5:04 ` [U-Boot] [PATCH v2 7/7] configs: Adds a defconfig for K2E High Security EVM Madan Srinivas @ 2016-09-02 4:25 ` Lokesh Vutla 2016-09-02 16:48 ` Srinivas, Madan 7 siblings, 1 reply; 36+ messages in thread From: Lokesh Vutla @ 2016-09-02 4:25 UTC (permalink / raw) To: u-boot On Thursday 01 September 2016 10:34 AM, Madan Srinivas wrote: > This series adds support for secure keystone family of devices, more > specifically for K2E (Edison).This work is similar to what has already > been done for the AM43xx and AM57xx SoCs and leverages much of the > infrastructure from them. > > The big difference here is the ROM on keystone2 devices does not provide > any APIs for image authentication. Rather, the image authentication and > decryption routines and other security functions are provided by > software and can run on the ARM in Trustzone as well as on secure DSPs. > > A component known as the boot monitor acts as they gateway to this secure > processing, and abstracts out the details from the public world. Unlike > OMAP class devices, where u-boot calls ROM APIs, u-boot calls into the boot- > monitor on keystone devices. > > Other than this difference, most of the secure framework for AMxx and > DRAxx devices have been re-used. > > Couple of other points to note :- > > -Support for SPL on secure keystone devices is still TBD, > so boot from SPI flash, which needs SPL, is not supported currently > on K2 devices. > > -A single image will work across all other boot media for secure K2 > devices. Overall looks good to me. What happened to the early abort seen on H2 HS devices. How are you handling it? Thanks and regards, Lokesh > > Changes in v2: > - Corrects typo in commit message for PATCH 1/7 in this series > - The following changes are made to mon.c based on review comments > Adds NULL pointer check before calling authentication interface > Removes an unnecessary printf > Updates size of signed FIT blob after post processing removes header > - Adds a new name for the signed output image in config_secure.mk > to keep it in line with the image name used by non-secure keystone > devices. > - Changes the target for secure keystone devices in config.mk > to u-boot_HS_MLO to keep it in line with the MLO target that > is built for non-secure keystone devices. > - Updates k2e_hs_evm_defconfig to reduce the delta seen if one > regenerates it using savedefconfig or similar tools. > > Madan Srinivas (4): > include: image.h: Fixes build warning with > CONFIG_FIT_IMAGE_POST_PROCESS > arm: omap-common: adds secure image name common to OMAP and keystone > arm: mach-keystone: config.mk: Adds support for secure images on K2 > doc: Updates info on using keystone secure devices from TI > > Vitaly Andrianov (3): > arm: mach-keystone: Implements FIT post-processing call for keystone > SoCs > arm: omap-common: Enable support for K2 HS devices in u-boot > configs: Adds a defconfig for K2E High Security EVM > > arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- > arch/arm/cpu/armv7/omap-common/config_secure.mk | 6 +++ > arch/arm/mach-keystone/config.mk | 6 +++ > arch/arm/mach-keystone/mon.c | 55 +++++++++++++++++++++++++ > configs/k2e_hs_evm_defconfig | 43 +++++++++++++++++++ > doc/README.ti-secure | 20 +++++++++ > include/image.h | 3 +- > 7 files changed, 133 insertions(+), 2 deletions(-) > create mode 100644 configs/k2e_hs_evm_defconfig > ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) 2016-09-02 4:25 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Lokesh Vutla @ 2016-09-02 16:48 ` Srinivas, Madan 2016-09-03 16:56 ` Lokesh Vutla 0 siblings, 1 reply; 36+ messages in thread From: Srinivas, Madan @ 2016-09-02 16:48 UTC (permalink / raw) To: u-boot On 9/2/2016 12:25 AM, Lokesh Vutla wrote: > > > On Thursday 01 September 2016 10:34 AM, Madan Srinivas wrote: >> This series adds support for secure keystone family of devices, more >> specifically for K2E (Edison).This work is similar to what has already >> been done for the AM43xx and AM57xx SoCs and leverages much of the >> infrastructure from them. >> >> The big difference here is the ROM on keystone2 devices does not provide >> any APIs for image authentication. Rather, the image authentication and >> decryption routines and other security functions are provided by >> software and can run on the ARM in Trustzone as well as on secure DSPs. >> >> A component known as the boot monitor acts as they gateway to this secure >> processing, and abstracts out the details from the public world. Unlike >> OMAP class devices, where u-boot calls ROM APIs, u-boot calls into the boot- >> monitor on keystone devices. >> >> Other than this difference, most of the secure framework for AMxx and >> DRAxx devices have been re-used. >> >> Couple of other points to note :- >> >> -Support for SPL on secure keystone devices is still TBD, >> so boot from SPI flash, which needs SPL, is not supported currently >> on K2 devices. >> >> -A single image will work across all other boot media for secure K2 >> devices. > > Overall looks good to me. What happened to the early abort seen on H2 HS > devices. How are you handling it? > > Thanks and regards, > Lokesh > The early abort is being handled in the boot monitor code. When the abort handler is implemented in u-boot, we can remove it from the boot monitor. Regards, Madan >> >> Changes in v2: >> - Corrects typo in commit message for PATCH 1/7 in this series >> - The following changes are made to mon.c based on review comments >> Adds NULL pointer check before calling authentication interface >> Removes an unnecessary printf >> Updates size of signed FIT blob after post processing removes header >> - Adds a new name for the signed output image in config_secure.mk >> to keep it in line with the image name used by non-secure keystone >> devices. >> - Changes the target for secure keystone devices in config.mk >> to u-boot_HS_MLO to keep it in line with the MLO target that >> is built for non-secure keystone devices. >> - Updates k2e_hs_evm_defconfig to reduce the delta seen if one >> regenerates it using savedefconfig or similar tools. >> >> Madan Srinivas (4): >> include: image.h: Fixes build warning with >> CONFIG_FIT_IMAGE_POST_PROCESS >> arm: omap-common: adds secure image name common to OMAP and keystone >> arm: mach-keystone: config.mk: Adds support for secure images on K2 >> doc: Updates info on using keystone secure devices from TI >> >> Vitaly Andrianov (3): >> arm: mach-keystone: Implements FIT post-processing call for keystone >> SoCs >> arm: omap-common: Enable support for K2 HS devices in u-boot >> configs: Adds a defconfig for K2E High Security EVM >> >> arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- >> arch/arm/cpu/armv7/omap-common/config_secure.mk | 6 +++ >> arch/arm/mach-keystone/config.mk | 6 +++ >> arch/arm/mach-keystone/mon.c | 55 +++++++++++++++++++++++++ >> configs/k2e_hs_evm_defconfig | 43 +++++++++++++++++++ >> doc/README.ti-secure | 20 +++++++++ >> include/image.h | 3 +- >> 7 files changed, 133 insertions(+), 2 deletions(-) >> create mode 100644 configs/k2e_hs_evm_defconfig >> ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) 2016-09-02 16:48 ` Srinivas, Madan @ 2016-09-03 16:56 ` Lokesh Vutla 2016-09-03 17:23 ` Nishanth Menon 0 siblings, 1 reply; 36+ messages in thread From: Lokesh Vutla @ 2016-09-03 16:56 UTC (permalink / raw) To: u-boot On Friday 02 September 2016 10:18 PM, Srinivas, Madan wrote: > On 9/2/2016 12:25 AM, Lokesh Vutla wrote: >> >> >> On Thursday 01 September 2016 10:34 AM, Madan Srinivas wrote: >>> This series adds support for secure keystone family of devices, more >>> specifically for K2E (Edison).This work is similar to what has already >>> been done for the AM43xx and AM57xx SoCs and leverages much of the >>> infrastructure from them. >>> >>> The big difference here is the ROM on keystone2 devices does not provide >>> any APIs for image authentication. Rather, the image authentication and >>> decryption routines and other security functions are provided by >>> software and can run on the ARM in Trustzone as well as on secure DSPs. >>> >>> A component known as the boot monitor acts as they gateway to this >>> secure >>> processing, and abstracts out the details from the public world. Unlike >>> OMAP class devices, where u-boot calls ROM APIs, u-boot calls into >>> the boot- >>> monitor on keystone devices. >>> >>> Other than this difference, most of the secure framework for AMxx and >>> DRAxx devices have been re-used. >>> >>> Couple of other points to note :- >>> >>> -Support for SPL on secure keystone devices is still TBD, >>> so boot from SPI flash, which needs SPL, is not supported currently >>> on K2 devices. >>> >>> -A single image will work across all other boot media for secure K2 >>> devices. >> >> Overall looks good to me. What happened to the early abort seen on H2 HS >> devices. How are you handling it? >> >> Thanks and regards, >> Lokesh >> > The early abort is being handled in the boot monitor code. When the > abort handler is implemented in u-boot, we can remove it from the boot > monitor. What is the expectation when you meant abort handler in u-boot? Do you want to clear the abort or something else? Thanks and regards, Lokesh > > Regards, > Madan >>> >>> Changes in v2: >>> - Corrects typo in commit message for PATCH 1/7 in this series >>> - The following changes are made to mon.c based on review comments >>> Adds NULL pointer check before calling authentication interface >>> Removes an unnecessary printf >>> Updates size of signed FIT blob after post processing removes header >>> - Adds a new name for the signed output image in config_secure.mk >>> to keep it in line with the image name used by non-secure keystone >>> devices. >>> - Changes the target for secure keystone devices in config.mk >>> to u-boot_HS_MLO to keep it in line with the MLO target that >>> is built for non-secure keystone devices. >>> - Updates k2e_hs_evm_defconfig to reduce the delta seen if one >>> regenerates it using savedefconfig or similar tools. >>> >>> Madan Srinivas (4): >>> include: image.h: Fixes build warning with >>> CONFIG_FIT_IMAGE_POST_PROCESS >>> arm: omap-common: adds secure image name common to OMAP and keystone >>> arm: mach-keystone: config.mk: Adds support for secure images on K2 >>> doc: Updates info on using keystone secure devices from TI >>> >>> Vitaly Andrianov (3): >>> arm: mach-keystone: Implements FIT post-processing call for keystone >>> SoCs >>> arm: omap-common: Enable support for K2 HS devices in u-boot >>> configs: Adds a defconfig for K2E High Security EVM >>> >>> arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- >>> arch/arm/cpu/armv7/omap-common/config_secure.mk | 6 +++ >>> arch/arm/mach-keystone/config.mk | 6 +++ >>> arch/arm/mach-keystone/mon.c | 55 >>> +++++++++++++++++++++++++ >>> configs/k2e_hs_evm_defconfig | 43 >>> +++++++++++++++++++ >>> doc/README.ti-secure | 20 +++++++++ >>> include/image.h | 3 +- >>> 7 files changed, 133 insertions(+), 2 deletions(-) >>> create mode 100644 configs/k2e_hs_evm_defconfig >>> > ^ permalink raw reply [flat|nested] 36+ messages in thread
* [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) 2016-09-03 16:56 ` Lokesh Vutla @ 2016-09-03 17:23 ` Nishanth Menon 0 siblings, 0 replies; 36+ messages in thread From: Nishanth Menon @ 2016-09-03 17:23 UTC (permalink / raw) To: u-boot On 09/03/2016 11:56 AM, Lokesh Vutla wrote: [...] > What is the expectation when you meant abort handler in u-boot? Do you > want to clear the abort or something else? > report the error and clear the error in u-boot. we should be able to catch errors generated at u-boot level OR rom code level at u-boot. we dont want to detect and hang in kernel - the debug is just painful. -- Regards, Nishanth Menon ^ permalink raw reply [flat|nested] 36+ messages in thread
end of thread, other threads:[~2016-09-08 15:29 UTC | newest] Thread overview: 36+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <madans@ti.com> 2016-08-26 6:30 ` [U-Boot] [PATCH 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas 2016-08-26 6:30 ` [U-Boot] [PATCH 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas 2016-08-29 14:52 ` Andrew F. Davis 2016-08-26 6:30 ` [U-Boot] [PATCH 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs Madan Srinivas 2016-08-29 16:22 ` Dan Murphy 2016-08-30 9:03 ` Lokesh Vutla 2016-08-26 6:30 ` [U-Boot] [PATCH 3/7] arm: omap-common: Enable support for K2 HS devices in u-boot Madan Srinivas 2016-08-29 14:56 ` Andrew F. Davis 2016-08-29 17:02 ` Dan Murphy 2016-08-26 6:30 ` [U-Boot] [PATCH 4/7] arm: omap-common: Reuse secure image name between OMAP and keystone Madan Srinivas 2016-08-29 15:10 ` Andrew F. Davis 2016-08-26 6:30 ` [U-Boot] [PATCH 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 Madan Srinivas 2016-08-29 15:21 ` Andrew F. Davis 2016-08-26 6:30 ` [U-Boot] [PATCH 6/7] doc: Updates info on using keystone secure devices from TI Madan Srinivas 2016-08-26 6:30 ` [U-Boot] [PATCH 7/7] configs: Adds a defconfig for K2E High Security EVM Madan Srinivas 2016-08-29 15:28 ` Andrew F. Davis 2016-09-01 5:04 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Madan Srinivas 2016-09-01 5:04 ` [U-Boot] [PATCH v2 1/7] include: image.h: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-06 13:34 ` Tom Rini 2016-09-01 5:04 ` [U-Boot] [PATCH v2 2/7] arm: mach-keystone: Implements FIT post-processing call for keystone SoCs Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-08 15:29 ` Srinivas, Madan 2016-09-01 5:04 ` [U-Boot] [PATCH v2 3/7] arm: omap-common: adds secure image name common to OMAP and keystone Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-01 5:04 ` [U-Boot] [PATCH v2 4/7] arm: omap-common: Enable support for K2 HS devices in u-boot Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-01 5:04 ` [U-Boot] [PATCH v2 5/7] arm: mach-keystone: config.mk: Adds support for secure images on K2 Madan Srinivas 2016-09-02 14:35 ` Andrew F. Davis 2016-09-01 5:04 ` [U-Boot] [PATCH v2 6/7] doc: Updates info on using keystone secure devices from TI Madan Srinivas 2016-09-06 13:34 ` Tom Rini 2016-09-01 5:04 ` [U-Boot] [PATCH v2 7/7] configs: Adds a defconfig for K2E High Security EVM Madan Srinivas 2016-09-02 4:25 ` [U-Boot] [PATCH v2 0/7] Adds support for secure boot on Keystone SoCs (K2E) Lokesh Vutla 2016-09-02 16:48 ` Srinivas, Madan 2016-09-03 16:56 ` Lokesh Vutla 2016-09-03 17:23 ` Nishanth Menon
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.