| Message ID | 20211020024933.16964-1-chiawei_wang@aspeedtech.com |
|---|---|
| Headers | show |
| Series | aspeed: Support secure boot chain with FIT image verification | expand |
Thank you all for the review comments and tags. I will prepare the v8 patch with tag included and comments addressed. In addition, as DM_HASH has been merged into the master branch. The v8 patch will be rebased on the master branch. Thanks, Chiawei > From: U-Boot <u-boot-bounces@lists.denx.de> On Behalf Of Chia-Wei Wang > Sent: Wednesday, October 20, 2021 10:49 AM > > This patch series intends to provide a secure boot chain from SPL to Linux > kernel based on the hash and signature verification of FIT image paradigm. > > To improve the performance and save code size (SPL is limited to 64KB due to > HW-RoT), the drviers of two HW crypto engine HACE and ACRY are also added > for AST26xx SoCs. > > As HACE and ACRY can only access to DRAM space, additional configuration > and boot command are also updated according to move each FIT image before > its booting. > > In addition, the common code of FIT image hash algorithm lookup is also > revised to leverage the HW accelerated calculation. > > v7: > - fix missing interrupt status clear for ACRY RSA operation > > v6: > - fix parameter comment for v5 update > > v5: > - fix inconsistent parameter name due to parallel patch work > > v4: > - add new DM_HASH based driver for Aspeed HACE > - remove SPL board init, which was originally used to probe non-DM HACE > driver > - fix typo of ARCY to ACRY > - refactor defconfig based on the new Kconfig of U-Boot next branch > > v3: > - add SW work around for HACE HW DMA issue by resetting HACE > - add reset control for HACE device tree node > - sync all of the HACE error message to use debug() > > v2: > - update commit authors > > Chia-Wei Wang (9): > image: fit: Fix parameter name for hash algorithm > aspeed: ast2600: Enlarge SRAM size > clk: ast2600: Add RSACLK control for ACRY > crypto: aspeed: Add AST2600 ACRY support > ARM: dts: ast2600: Add ACRY to device tree > ast2600: spl: Locate load buffer in DRAM space > configs: ast2600-evb: Enable SPL FIT support > configs: aspeed: Make EXTRA_ENV_SETTINGS board specific > configs: ast2600: Boot kernel FIT in DRAM > > Joel Stanley (2): > clk: ast2600: Add YCLK control for HACE > ARM: dts: ast2600: Add HACE to device tree > > Johnny Huang (1): > crypto: aspeed: Add AST2600 HACE support > > arch/arm/dts/ast2600-evb.dts | 10 + > arch/arm/dts/ast2600.dtsi | 17 + > arch/arm/include/asm/arch-aspeed/platform.h | 2 +- > .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- > arch/arm/mach-aspeed/ast2600/spl.c | 9 +- > common/image-fit.c | 4 +- > configs/evb-ast2600_defconfig | 22 +- > drivers/clk/aspeed/clk_ast2600.c | 38 ++ > drivers/crypto/Kconfig | 2 + > drivers/crypto/Makefile | 1 + > drivers/crypto/aspeed/Kconfig | 20 + > drivers/crypto/aspeed/Makefile | 2 + > drivers/crypto/aspeed/aspeed_acry.c | 190 +++++++++ > drivers/crypto/aspeed/aspeed_hace.c | 381 > ++++++++++++++++++ > drivers/crypto/hash/Kconfig | 8 + > include/configs/aspeed-common.h | 9 - > include/configs/evb_ast2500.h | 9 + > include/configs/evb_ast2600.h | 16 + > lib/rsa/Kconfig | 10 +- > 19 files changed, 729 insertions(+), 27 deletions(-) create mode 100644 > drivers/crypto/aspeed/Kconfig create mode 100644 > drivers/crypto/aspeed/Makefile create mode 100644 > drivers/crypto/aspeed/aspeed_acry.c > create mode 100644 drivers/crypto/aspeed/aspeed_hace.c > > -- > 2.17.1