diff options
| author | Emanuele Ghidoli <emanuele.ghidoli@toradex.com> | 2023-12-01 14:36:20 +0100 |
|---|---|---|
| committer | Emanuele Ghidoli <emanuele.ghidoli@toradex.com> | 2023-12-01 14:36:20 +0100 |
| commit | ff20984bc78933c081ab8f22a84dde8cdb38e8b9 (patch) | |
| tree | c626e16fdb2e6d51a7dbc27bad5a556a8549ea4a /doc | |
| parent | 536d0d5eef241a80a352704d82f2284faac2b046 (diff) | |
| parent | 71b8c840ca61a4e11b2cdf63b0e6580ecb427912 (diff) | |
Merge tag '09.01.00.006' into toradex_ti-09.01.00.006
RC Release 09.01.00.006
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/board/ti/k3.rst | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/doc/board/ti/k3.rst b/doc/board/ti/k3.rst index 58e4ad2f6f..e9a65e00ee 100644 --- a/doc/board/ti/k3.rst +++ b/doc/board/ti/k3.rst @@ -103,6 +103,51 @@ firmware can be loaded on the now free core in the wakeup domain. For more information on the bootup process of your SoC, consult the device specific boot flow documentation. +Secure Boot +^^^^^^^^^^^ + +K3 HS-SE devices are used for authenticated boot flow with secure boot. +HS-FS devices have optional authentication in the flow and doesn't "require" +authentication unless converted to HS-SE devices. + +Chain of trust +"""""""""""""" + +1) SMS starts up and loads the authenticated ROM code in Wakeup Domain +2) ROM code starts up and loads the authenticated tiboot3.bin in Wakeup + Domain +3) Wakeup SPL (tiboot3.bin) would authenticate the next set of binaries + (ATF,OP-TEE,DM,SPL,etc.) +4) After ATF and OP-TEE load, ARMV8 U-boot authenticates the next set of + binaries (Linux and DTBs) if using FIT Image authentication and having a + signature node in U-boot. + +Steps 1-3 are all authenticated by either the ROM code or TIFS as the +authenticating entity and step 4 uses U-boot standard mechanism for +authenticating. + +All the authentication that are done for ROM/TIFS are done through x509 +certificates that are signed. + +Firewalls +""""""""" + +1) ROM comes up and sets up firewalls that are needed by itself +2) TIFS (in multicertificate will setup it's own firewalls) +3) R5 SPL comes along and opens up other firewalls ( that are not owned by + anyone - essentially firewalls that were setup by ROM but are not needed + anymore) +4) Each stage beyond this: such as tispl.bin containing TFA/OPTEE uses OIDs to + set up firewalls to protect themselves (enforced by TIFS) +5) TFA/OP-TEE can configure other firewalls at runtime if required as they + are already authenticated and firewalled off from illegal access. +6) A53 SPL and U-boot itself startups but has no ability to change the + protection firewalls enforced by x509 OIDs or any other firewalls + configured by ROM/TIFS in the beginning. + +Futhur, firewalls have a lockdown bit in hardware that enforces the setting +(and cannot be over-ridden) till the full system is resetted. + Software Sources ---------------- |