Re: [U-Boot] [PATCH 0/5] FSL SECURE BOOT: Add support for next level image validation
-Original Message- From: Phillips Kim-R1AAHA Sent: Saturday, March 30, 2013 4:08 AM To: Gupta Ruchika-R66431 Cc: Otavio Salvador; U-Boot Mailing List; Fleming Andy-AFLEMING Subject: Re: [U-Boot] [PATCH 0/5] FSL SECURE BOOT: Add support for next level image validation On Fri, 29 Mar 2013 04:43:23 + Gupta Ruchika-R66431 r66...@freescale.com wrote: From: otavio.salva...@gmail.com [mailto:otavio.salva...@gmail.com] On Behalf Of Otavio Salvador Sent: Thursday, March 28, 2013 8:23 PM To: Gupta Ruchika-R66431 Cc: U-Boot Mailing List; Fleming Andy-AFLEMING Subject: Re: [U-Boot] [PATCH 0/5] FSL SECURE BOOT: Add support for next level image validation On Thu, Mar 28, 2013 at 7:46 AM, Ruchika Gupta ruchika.gu...@freescale.com wrote: The patch set adds support for next level image validation (linux, rootfs, dtb) in secure boot scenarios. It seems to focus in PowerPC, do you know if same code could be ported to ARM? For the code to be ported to ARM platform, corresponding hardware blocks like cryptographic accelerator/SW support for crypto operations, IOMMU and a security monitor block will be required. i.mx6 has, and other future ARM-based devices will have, a CAAM, so I see no reason why any of this code should be restricted to power arch at all. How does this patchseries integrate with this SHA offload patchseries: http://article.gmane.org/gmane.comp.boot-loaders.u-boot/156321 Once this patch series is applied on the main branch I will rebase my patch, align to this and re-send. and this verified boot implementation: http://article.gmane.org/gmane.comp.boot-loaders.u-boot/156422 ? Thanks for pointing this link out. We have been using bootscript approach for validating next level images, which works on validation of each of the Linux, rootfs and dtb image separately. The location of this bootscript is hardcoded in the board bootcmd file. However the approach pointed by this link is more generic, since it validates a single FIT image. I will work towards integrating our SoC's approach into this framework. Ruchika ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH 0/5] FSL SECURE BOOT: Add support for next level image validation
-Original Message- From: otavio.salva...@gmail.com [mailto:otavio.salva...@gmail.com] On Behalf Of Otavio Salvador Sent: Thursday, March 28, 2013 8:23 PM To: Gupta Ruchika-R66431 Cc: U-Boot Mailing List; Fleming Andy-AFLEMING Subject: Re: [U-Boot] [PATCH 0/5] FSL SECURE BOOT: Add support for next level image validation On Thu, Mar 28, 2013 at 7:46 AM, Ruchika Gupta ruchika.gu...@freescale.com wrote: The patch set adds support for next level image validation (linux, rootfs, dtb) in secure boot scenarios. It seems to focus in PowerPC, do you know if same code could be ported to ARM? For the code to be ported to ARM platform, corresponding hardware blocks like cryptographic accelerator/SW support for crypto operations, IOMMU and a security monitor block will be required. Ruchika -- Otavio Salvador O.S. Systems E-mail: ota...@ossystems.com.br http://www.ossystems.com.br Mobile: +55 53 9981-7854 http://projetos.ossystems.com.br ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH 0/5] FSL SECURE BOOT: Add support for next level image validation
-Original Message- From: Phillips Kim-R1AAHA Sent: Saturday, March 30, 2013 4:08 AM To: Gupta Ruchika-R66431 Cc: Otavio Salvador; U-Boot Mailing List; Fleming Andy-AFLEMING Subject: Re: [U-Boot] [PATCH 0/5] FSL SECURE BOOT: Add support for next level image validation On Fri, 29 Mar 2013 04:43:23 + Gupta Ruchika-R66431 r66...@freescale.com wrote: From: otavio.salva...@gmail.com [mailto:otavio.salva...@gmail.com] On Behalf Of Otavio Salvador Sent: Thursday, March 28, 2013 8:23 PM To: Gupta Ruchika-R66431 Cc: U-Boot Mailing List; Fleming Andy-AFLEMING Subject: Re: [U-Boot] [PATCH 0/5] FSL SECURE BOOT: Add support for next level image validation On Thu, Mar 28, 2013 at 7:46 AM, Ruchika Gupta ruchika.gu...@freescale.com wrote: The patch set adds support for next level image validation (linux, rootfs, dtb) in secure boot scenarios. It seems to focus in PowerPC, do you know if same code could be ported to ARM? For the code to be ported to ARM platform, corresponding hardware blocks like cryptographic accelerator/SW support for crypto operations, IOMMU and a security monitor block will be required. i.mx6 has, and other future ARM-based devices will have, a CAAM, so I see no reason why any of this code should be restricted to power arch at all. How does this patchseries integrate with this SHA offload patchseries: http://article.gmane.org/gmane.comp.boot-loaders.u-boot/156321 and this verified boot implementation: http://article.gmane.org/gmane.comp.boot-loaders.u-boot/156422 ? Kim Thanks for the suggestion Kim. I will have a look at the links you mentioned and see how my patches can fit in. Since I am on leave this week so my response on this will be a little delayed. Ruchika ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
