diff options
author | Madan Srinivas <madans@ti.com> | 2016-06-27 09:19:23 -0500 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2016-07-14 18:22:23 -0400 |
commit | e29878fc47f19e2ad6824cd61c69f2c187c5fb8a (patch) | |
tree | 1d31d31213f14a057729e21f4580b6b273ab274a | |
parent | 17c298733612f68ebf7702f28f32ad78c7ef115e (diff) |
arm: am4x: add U-Boot FIT signing and SPL image post-processing
Modify the SPL build procedure for AM437x high-security (HS) device
variants to create a secure u-boot_HS.img FIT blob that contains U-Boot
and DTB artifacts signed (and optionally encrypted) with a TI-specific
process based on the CONFIG_TI_SECURE_DEVICE config option and the
externally-provided image signing tool.
Also populate the corresponding FIT image post processing call to be
performed during SPL runtime.
Signed-off-by: Madan Srinivas <madans@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
-rw-r--r-- | arch/arm/cpu/armv7/am33xx/config.mk | 1 | ||||
-rw-r--r-- | board/ti/am43xx/board.c | 8 | ||||
-rw-r--r-- | configs/am43xx_hs_evm_defconfig | 1 |
3 files changed, 10 insertions, 0 deletions
diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk index 6d95d327b45..ab9470820d5 100644 --- a/arch/arm/cpu/armv7/am33xx/config.mk +++ b/arch/arm/cpu/armv7/am33xx/config.mk @@ -26,6 +26,7 @@ endif else ifeq ($(CONFIG_TI_SECURE_DEVICE),y) ALL-$(CONFIG_QSPI_BOOT) += u-boot_HS_XIP_X-LOADER +ALL-y += u-boot_HS.img endif ALL-y += u-boot.img endif diff --git a/board/ti/am43xx/board.c b/board/ti/am43xx/board.c index f005762edad..27c311ee9d2 100644 --- a/board/ti/am43xx/board.c +++ b/board/ti/am43xx/board.c @@ -13,6 +13,7 @@ #include <asm/errno.h> #include <spl.h> #include <usb.h> +#include <asm/omap_sec_common.h> #include <asm/arch/clock.h> #include <asm/arch/sys_proto.h> #include <asm/arch/mux.h> @@ -862,3 +863,10 @@ int board_fit_config_name_match(const char *name) return -1; } #endif + +#ifdef CONFIG_TI_SECURE_DEVICE +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + secure_boot_verify_image(p_image, p_size); +} +#endif diff --git a/configs/am43xx_hs_evm_defconfig b/configs/am43xx_hs_evm_defconfig index 4856a19f0b0..68dfb6c575a 100644 --- a/configs/am43xx_hs_evm_defconfig +++ b/configs/am43xx_hs_evm_defconfig @@ -13,6 +13,7 @@ CONFIG_SPL_STACK_R=y CONFIG_FIT=y CONFIG_SYS_EXTRA_OPTIONS="CONS_INDEX=1, NAND" CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y CONFIG_HUSH_PARSER=y CONFIG_CMD_BOOTZ=y # CONFIG_CMD_IMLS is not set |