Message ID | 1503655390-16829-1-git-send-email-sumit.garg@nxp.com |
---|---|
State | Superseded |
Delegated to: | York Sun |
On Fri, Aug 25, 2017 at 03:33:10PM +0530, Sumit Garg wrote:

> As part of chain of trust with confidentiality along with distro
> boot, linux kernel image needs to be stored in encrypted form on
> ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of
> Secure boot.
>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>

Reviewed-by: Tom Rini <trini@konsulko.com>
On 08/25/2017 03:03 AM, Sumit Garg wrote: > As part of chain of trust with confidentiality along with distro > boot, linux kernel image needs to be stored in encrypted form on > ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of > Secure boot. > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > --- > > Changes in v2: > Instead of adding CMD_EXT4_WRITE option in each defconfig, added this > option in Kconfig. > > board/freescale/common/Kconfig | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig > index 53b606e..3496eed 100644 > --- a/board/freescale/common/Kconfig > +++ b/board/freescale/common/Kconfig > @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST > select SPL_BOARD_INIT if (ARM && SPL) > select SHA_HW_ACCEL > select SHA_PROG_HW_ACCEL > + select CMD_EXT4 > + select CMD_EXT4_WRITE > bool > default y Are you going to need this for all PowerPC platforms? This changes increases 3K in text section. Will Ruchika confirm? York
> -----Original Message----- > From: York Sun > Sent: Wednesday, September 06, 2017 9:47 PM > To: Sumit Garg <sumit.garg@nxp.com>; u-boot@lists.denx.de > Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha > <prabhakar.kushwaha@nxp.com>; trini@konsulko.com > Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable > CONFIG_CMD_EXT4_WRITE > > On 08/25/2017 03:03 AM, Sumit Garg wrote: > > As part of chain of trust with confidentiality along with distro boot, > > linux kernel image needs to be stored in encrypted form on > > ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure > > boot. > > > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > > --- > > > > Changes in v2: > > Instead of adding CMD_EXT4_WRITE option in each defconfig, added this > > option in Kconfig. > > > > board/freescale/common/Kconfig | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/board/freescale/common/Kconfig > > b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 > > --- a/board/freescale/common/Kconfig > > +++ b/board/freescale/common/Kconfig > > @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST > > select SPL_BOARD_INIT if (ARM && SPL) > > select SHA_HW_ACCEL > > select SHA_PROG_HW_ACCEL > > + select CMD_EXT4 > > + select CMD_EXT4_WRITE > > bool > > default y > > Are you going to need this for all PowerPC platforms? This changes increases 3K > in text section. > > Will Ruchika confirm? > > York We don't need this option on PowerPC platforms as we currently don't support distro boot on PowerPC platforms. So we can enable this option for ARM platforms only. Sumit
On 09/06/2017 09:10 PM, Sumit Garg wrote: >> -----Original Message----- >> From: York Sun >> Sent: Wednesday, September 06, 2017 9:47 PM >> To: Sumit Garg <sumit.garg@nxp.com>; u-boot@lists.denx.de >> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha >> <prabhakar.kushwaha@nxp.com>; trini@konsulko.com >> Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable >> CONFIG_CMD_EXT4_WRITE >> >> On 08/25/2017 03:03 AM, Sumit Garg wrote: >>> As part of chain of trust with confidentiality along with distro boot, >>> linux kernel image needs to be stored in encrypted form on >>> ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of Secure >>> boot. >>> >>> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> >>> --- >>> >>> Changes in v2: >>> Instead of adding CMD_EXT4_WRITE option in each defconfig, added this >>> option in Kconfig. >>> >>> board/freescale/common/Kconfig | 2 ++ >>> 1 file changed, 2 insertions(+) >>> >>> diff --git a/board/freescale/common/Kconfig >>> b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 >>> --- a/board/freescale/common/Kconfig >>> +++ b/board/freescale/common/Kconfig >>> @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST >>> select SPL_BOARD_INIT if (ARM && SPL) >>> select SHA_HW_ACCEL >>> select SHA_PROG_HW_ACCEL >>> + select CMD_EXT4 >>> + select CMD_EXT4_WRITE >>> bool >>> default y >> >> Are you going to need this for all PowerPC platforms? This changes increases 3K >> in text section. >> >> Will Ruchika confirm? >> >> York > > We don't need this option on PowerPC platforms as we currently don't support distro > boot on PowerPC platforms. So we can enable this option for ARM platforms only. Please update the patch to enable these options selectively. York
> -----Original Message----- > From: York Sun > Sent: Thursday, September 07, 2017 9:01 PM > To: Sumit Garg <sumit.garg@nxp.com>; u-boot@lists.denx.de > Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha > <prabhakar.kushwaha@nxp.com>; trini@konsulko.com > Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable > CONFIG_CMD_EXT4_WRITE > > On 09/06/2017 09:10 PM, Sumit Garg wrote: > >> -----Original Message----- > >> From: York Sun > >> Sent: Wednesday, September 06, 2017 9:47 PM > >> To: Sumit Garg <sumit.garg@nxp.com>; u-boot@lists.denx.de > >> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha > >> <prabhakar.kushwaha@nxp.com>; trini@konsulko.com > >> Subject: Re: [Patch v2] configs: SECURE_BOOT: Enable > >> CONFIG_CMD_EXT4_WRITE > >> > >> On 08/25/2017 03:03 AM, Sumit Garg wrote: > >>> As part of chain of trust with confidentiality along with distro > >>> boot, linux kernel image needs to be stored in encrypted form on > >>> ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of > >>> Secure boot. > >>> > >>> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > >>> --- > >>> > >>> Changes in v2: > >>> Instead of adding CMD_EXT4_WRITE option in each defconfig, added > >>> this option in Kconfig. > >>> > >>> board/freescale/common/Kconfig | 2 ++ > >>> 1 file changed, 2 insertions(+) > >>> > >>> diff --git a/board/freescale/common/Kconfig > >>> b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 > >>> --- a/board/freescale/common/Kconfig > >>> +++ b/board/freescale/common/Kconfig 
> >>> @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST > >>> select SPL_BOARD_INIT if (ARM && SPL) > >>> select SHA_HW_ACCEL > >>> select SHA_PROG_HW_ACCEL > >>> + select CMD_EXT4 > >>> + select CMD_EXT4_WRITE > >>> bool > >>> default y > >> > >> Are you going to need this for all PowerPC platforms? This changes > >> increases 3K in text section. > >> > >> Will Ruchika confirm? > >> > >> York > > > > We don't need this option on PowerPC platforms as we currently don't > > support distro boot on PowerPC platforms. So we can enable this option for > ARM platforms only. > > Please update the patch to enable these options selectively. > > York Sure I will send this change in v3. Sumit
diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 53b606e..3496eed 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -6,6 +6,8 @@ config CHAIN_OF_TRUST select SPL_BOARD_INIT if (ARM && SPL) select SHA_HW_ACCEL select SHA_PROG_HW_ACCEL + select CMD_EXT4 + select CMD_EXT4_WRITE bool default y
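Review bot: The two added lines `select CMD_EXT4` and `select CMD_EXT4_WRITE` under `config CHAIN_OF_TRUST` are unconditional, so every platform that enables CHAIN_OF_TRUST gets the ext4 write command, although the line just above them already uses the conditional form `select SPL_BOARD_INIT if (ARM && SPL)`. The thread states that distro boot is not supported on PowerPC and that the change increases the text section by 3K, so consider `select CMD_EXT4 if ARM` and `select CMD_EXT4_WRITE if ARM`. Because this gives a secure-boot build a command that can write to the boot partition, a short help text or comment in the Kconfig entry saying why chain of trust with confidentiality needs ext4 write would help later reviewers judge whether the capability is still required.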
As part of chain of trust with confidentiality along with distro
boot, linux kernel image needs to be stored in encrypted form on
ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of
Secure boot.

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>

---

Changes in v2:
Instead of adding CMD_EXT4_WRITE option in each defconfig, added this
option in Kconfig.

board/freescale/common/Kconfig | 2 ++

1 file changed, 2 insertions(+)