> -----Original Message----- > From: Lim, Elly Siew Chin <[email protected]> > Sent: Monday, March 1, 2021 8:04 PM > To: [email protected] > Cc: Marek Vasut <[email protected]>; Tan, Ley Foon > <[email protected]>; See, Chin Liang <[email protected]>; > Simon Goldschmidt <[email protected]>; Chee, Tien Fong > <[email protected]>; Westergreen, Dalon > <[email protected]>; Simon Glass <[email protected]>; Gan, > Yau Wai <[email protected]>; Lim, Elly Siew Chin > <[email protected]> > Subject: [v5 2/7] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB) > > Vendor Authorized Boot is a security feature for authenticating the images > such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and > etc loaded from FIT. After those images are loaded from FIT, the VAB > certificate and signature block appended at the end of each image are sent > to Secure Device Manager (SDM) for authentication. U-Boot will validate the > SHA384 of the image against the SHA384 hash stored in the VAB certificate > before sending the image to SDM for authentication. > > Signed-off-by: Siew Chin Lim <[email protected]> > > --- > v5: > - In arch/arm/mach-socfpga/board.c > - Move '#if IS_ENABLED(CONFIG_SOCFPGA_SECURE_VAB_AUTH)' inside > board_fit_image_post_process function. > - Move '#if IS_ENABLED(CONFIG_SPL_BUID)' outside board_prep_linux > function. > > v4: > - Move function 'board_fit_image_post_process' and 'board_prep_linux' > from secure_vab.c to board.c. > --- > arch/arm/mach-socfpga/Kconfig | 15 ++ > arch/arm/mach-socfpga/Makefile | 2 + > arch/arm/mach-socfpga/board.c | 45 +++++- > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 ++++++++ > arch/arm/mach-socfpga/secure_vab.c | 186 > +++++++++++++++++++++++ > common/Kconfig.boot | 2 +- > 7 files changed, 309 insertions(+), 5 deletions(-) create mode 100644 > arch/arm/mach-socfpga/include/mach/secure_vab.h > create mode 100644 arch/arm/mach-socfpga/secure_vab.c > Reviewed-by: Ley Foon Tan <[email protected]>
