On Thu, Sep 01, 2016 at 01:04:37AM -0400, Madan Srinivas wrote: > From: Vitaly Andrianov <[email protected]> > > This commit implements the board_fit_image_post_process() function for > the keystone architecture. Unlike OMAP class devices, security > functions in keystone are not handled in the ROM. > The interface to the secure functions is TI proprietary and depending > on the keystone platform, the security functions like encryption, > decryption and authentication might even be offloaded to other secure > processing elements in the SoC. > The boot monitor acts as the gateway to these secure functions and the > boot monitor for secure devices is available as part of the SECDEV > package for KS2. For more details refer doc/README.ti-secure > > Signed-off-by: Vitaly Andrianov <[email protected]> > Signed-off-by: Madan Srinivas <[email protected]> > > Cc: Lokesh Vutla <[email protected]> > Cc: Dan Murphy <[email protected]>
First, what is done to ensure that the magic blob we're offloading to isn't malicious? Second, this appears to be missing cache flushes that're done in arch/arm/cpu/armv7/omap-common/sec-common.c and, well, why can't we re-use the existing code? Given how rarely IP blocks are written from scratch rather than being an evolution of a previous block I can't imagine that we can't make the code there be re-used nor that we don't need / couldn't use the flushing and alignment checks nor status messages. Thanks! -- Tom
signature.asc
Description: Digital signature
_______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot
