| Message ID | 1466018801-18044-7-git-send-email-dannenberg@ti.com |
|---|---|
| State | RFC |
| Delegated to: | Tom Rini |
| Headers | show |
On 15 June 2016 at 13:26, Andreas Dannenberg <dannenberg@ti.com> wrote: > From: Daniel Allred <d-allred@ti.com> > > Adds a board specific FIT image post processing function for when > CONFIG_SECURE_BOOT is defined. Also update the omap common config > header to enable CONFIG_SECURE_BOOT always for secure TI devices > (CONFIG_TI_SECURE_DEVICE is defined). > > Signed-off-by: Daniel Allred <d-allred@ti.com> > Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> > --- > board/ti/am57xx/board.c | 7 +++++++ > board/ti/dra7xx/evm.c | 7 +++++++ > include/configs/ti_omap5_common.h | 4 ++++ > 3 files changed, 18 insertions(+) Reviewed-by: Simon Glass <sjg@chromium.org>
On Thursday 16 June 2016 12:56 AM, Andreas Dannenberg wrote: > From: Daniel Allred <d-allred@ti.com> > > Adds a board specific FIT image post processing function for when > CONFIG_SECURE_BOOT is defined. Also update the omap common config > header to enable CONFIG_SECURE_BOOT always for secure TI devices > (CONFIG_TI_SECURE_DEVICE is defined). > > Signed-off-by: Daniel Allred <d-allred@ti.com> > Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> > --- > board/ti/am57xx/board.c | 7 +++++++ > board/ti/dra7xx/evm.c | 7 +++++++ > include/configs/ti_omap5_common.h | 4 ++++ > 3 files changed, 18 insertions(+) > > diff --git a/board/ti/am57xx/board.c b/board/ti/am57xx/board.c > index 08cf14d..a9635c2 100644 > --- a/board/ti/am57xx/board.c > +++ b/board/ti/am57xx/board.c > @@ -750,3 +750,10 @@ int board_fit_config_name_match(const char *name) > return -1; > } > #endif > + > +#ifdef CONFIG_SECURE_BOOT > +void board_fit_image_post_process(void **p_image, size_t *p_size) > +{ > + secure_boot_verify_image(p_image, p_size); > +} > +#endif > diff --git a/board/ti/dra7xx/evm.c b/board/ti/dra7xx/evm.c > index 3fbbc9b..03eefb6 100644 > --- a/board/ti/dra7xx/evm.c > +++ b/board/ti/dra7xx/evm.c > @@ -739,3 +739,10 @@ int board_fit_config_name_match(const char *name) > return -1; > } > #endif > + > +#ifdef CONFIG_SECURE_BOOT > +void board_fit_image_post_process(void **p_image, size_t *p_size) > +{ > + secure_boot_verify_image(p_image, p_size); > +} > +#endif > diff --git a/include/configs/ti_omap5_common.h b/include/configs/ti_omap5_common.h > index 2e4c8e9..9db6da2 100644 > --- a/include/configs/ti_omap5_common.h > +++ b/include/configs/ti_omap5_common.h > @@ -138,6 +138,10 @@ > * print some information. > */ > #ifdef CONFIG_TI_SECURE_DEVICE > + > +/* Always enforce for secure devices */ > +#define CONFIG_SECURE_BOOT Can you make this a Kconfig option? You are enabling it for GP devices as well. What happens in GP devices? Thanks and regards, Lokesh > + > /* > * For memory booting on HS parts, the first 4KB of the internal RAM is > * reserved for secure world use and the flash loader image is >
diff --git a/board/ti/am57xx/board.c b/board/ti/am57xx/board.c index 08cf14d..a9635c2 100644 --- a/board/ti/am57xx/board.c +++ b/board/ti/am57xx/board.c @@ -750,3 +750,10 @@ int board_fit_config_name_match(const char *name) return -1; } #endif + +#ifdef CONFIG_SECURE_BOOT +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + secure_boot_verify_image(p_image, p_size); +} +#endif diff --git a/board/ti/dra7xx/evm.c b/board/ti/dra7xx/evm.c index 3fbbc9b..03eefb6 100644 --- a/board/ti/dra7xx/evm.c +++ b/board/ti/dra7xx/evm.c @@ -739,3 +739,10 @@ int board_fit_config_name_match(const char *name) return -1; } #endif + +#ifdef CONFIG_SECURE_BOOT +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + secure_boot_verify_image(p_image, p_size); +} +#endif diff --git a/include/configs/ti_omap5_common.h b/include/configs/ti_omap5_common.h index 2e4c8e9..9db6da2 100644 --- a/include/configs/ti_omap5_common.h +++ b/include/configs/ti_omap5_common.h @@ -138,6 +138,10 @@ * print some information. */ #ifdef CONFIG_TI_SECURE_DEVICE + +/* Always enforce for secure devices */ +#define CONFIG_SECURE_BOOT + /* * For memory booting on HS parts, the first 4KB of the internal RAM is * reserved for secure world use and the flash loader image is