On Friday 02 September 2016 10:18 PM, Srinivas, Madan wrote: > On 9/2/2016 12:25 AM, Lokesh Vutla wrote: >> >> >> On Thursday 01 September 2016 10:34 AM, Madan Srinivas wrote: >>> This series adds support for secure keystone family of devices, more >>> specifically for K2E (Edison).This work is similar to what has already >>> been done for the AM43xx and AM57xx SoCs and leverages much of the >>> infrastructure from them. >>> >>> The big difference here is the ROM on keystone2 devices does not provide >>> any APIs for image authentication. Rather, the image authentication and >>> decryption routines and other security functions are provided by >>> software and can run on the ARM in Trustzone as well as on secure DSPs. >>> >>> A component known as the boot monitor acts as they gateway to this >>> secure >>> processing, and abstracts out the details from the public world. Unlike >>> OMAP class devices, where u-boot calls ROM APIs, u-boot calls into >>> the boot- >>> monitor on keystone devices. >>> >>> Other than this difference, most of the secure framework for AMxx and >>> DRAxx devices have been re-used. >>> >>> Couple of other points to note :- >>> >>> -Support for SPL on secure keystone devices is still TBD, >>> so boot from SPI flash, which needs SPL, is not supported currently >>> on K2 devices. >>> >>> -A single image will work across all other boot media for secure K2 >>> devices. >> >> Overall looks good to me. What happened to the early abort seen on H2 HS >> devices. How are you handling it? >> >> Thanks and regards, >> Lokesh >> > The early abort is being handled in the boot monitor code. When the > abort handler is implemented in u-boot, we can remove it from the boot > monitor.
What is the expectation when you meant abort handler in u-boot? Do you want to clear the abort or something else? Thanks and regards, Lokesh > > Regards, > Madan >>> >>> Changes in v2: >>> - Corrects typo in commit message for PATCH 1/7 in this series >>> - The following changes are made to mon.c based on review comments >>> Adds NULL pointer check before calling authentication interface >>> Removes an unnecessary printf >>> Updates size of signed FIT blob after post processing removes header >>> - Adds a new name for the signed output image in config_secure.mk >>> to keep it in line with the image name used by non-secure keystone >>> devices. >>> - Changes the target for secure keystone devices in config.mk >>> to u-boot_HS_MLO to keep it in line with the MLO target that >>> is built for non-secure keystone devices. >>> - Updates k2e_hs_evm_defconfig to reduce the delta seen if one >>> regenerates it using savedefconfig or similar tools. >>> >>> Madan Srinivas (4): >>> include: image.h: Fixes build warning with >>> CONFIG_FIT_IMAGE_POST_PROCESS >>> arm: omap-common: adds secure image name common to OMAP and keystone >>> arm: mach-keystone: config.mk: Adds support for secure images on K2 >>> doc: Updates info on using keystone secure devices from TI >>> >>> Vitaly Andrianov (3): >>> arm: mach-keystone: Implements FIT post-processing call for keystone >>> SoCs >>> arm: omap-common: Enable support for K2 HS devices in u-boot >>> configs: Adds a defconfig for K2E High Security EVM >>> >>> arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- >>> arch/arm/cpu/armv7/omap-common/config_secure.mk | 6 +++ >>> arch/arm/mach-keystone/config.mk | 6 +++ >>> arch/arm/mach-keystone/mon.c | 55 >>> +++++++++++++++++++++++++ >>> configs/k2e_hs_evm_defconfig | 43 >>> +++++++++++++++++++ >>> doc/README.ti-secure | 20 +++++++++ >>> include/image.h | 3 +- >>> 7 files changed, 133 insertions(+), 2 deletions(-) >>> create mode 100644 configs/k2e_hs_evm_defconfig >>> > _______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot
