Message ID | 1466480052-25004-9-git-send-email-dannenberg@ti.com |
---|---|
State | Superseded |
Delegated to: | Tom Rini |
Headers | show |
On Mon, Jun 20, 2016 at 10:34:11PM -0500, Andreas Dannenberg wrote: > From: Madan Srinivas <madans@ti.com> > > Modify the SPL build procedure for AM437x high-security (HS) device > variants to create a secure u-boot_HS.img FIT blob that contains U-Boot > and DTB artifacts signed (and optionally encrypted) with a TI-specific > process based on the CONFIG_TI_SECURE_DEVICE config option and the > externally-provided image signing tool. > > Also populate the corresponding FIT image post processing call to be > performed during SPL runtime. > > Signed-off-by: Madan Srinivas <madans@ti.com> > Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk index 6d95d32..ab94708 100644 --- a/arch/arm/cpu/armv7/am33xx/config.mk +++ b/arch/arm/cpu/armv7/am33xx/config.mk @@ -26,6 +26,7 @@ endif else ifeq ($(CONFIG_TI_SECURE_DEVICE),y) ALL-$(CONFIG_QSPI_BOOT) += u-boot_HS_XIP_X-LOADER +ALL-y += u-boot_HS.img endif ALL-y += u-boot.img endif diff --git a/board/ti/am43xx/board.c b/board/ti/am43xx/board.c index f005762..fc0b38b 100644 --- a/board/ti/am43xx/board.c +++ b/board/ti/am43xx/board.c @@ -862,3 +862,10 @@ int board_fit_config_name_match(const char *name) return -1; } #endif + +#ifdef CONFIG_TI_SECURE_DEVICE +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + secure_boot_verify_image(p_image, p_size); +} +#endif