| Message ID | 1468513673-5406-4-git-send-email-sumit.garg@nxp.com |
|---|---|
| State | Accepted |
| Commit | ebfc066e6f755da373d503608249f77ac298fb5e |
| Delegated to: | York Sun |
| Headers | show |
Hi, On 14 July 2016 at 10:27, Sumit Garg <sumit.garg@nxp.com> wrote: > Adds information regarding SPL handling validation process of main u-boot > image on power/mpc85xx and arm/layerscape platforms. > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > --- > > Changes PATCH v5->PATCH v6: > Added README for SECURE BOOT support in SPL framework. > > doc/SPL/README.spl-secure-boot | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > create mode 100644 doc/SPL/README.spl-secure-boot Reviewed-by: Simon Glass <sjg@chromium.org> > > diff --git a/doc/SPL/README.spl-secure-boot b/doc/SPL/README.spl-secure-boot > new file mode 100644 > index 0000000..f2f8d78 > --- /dev/null > +++ b/doc/SPL/README.spl-secure-boot > @@ -0,0 +1,18 @@ > +Overview of SPL verified boot on powerpc/mpc85xx & arm/layerscape platforms > +=========================================================================== > + > +Introduction > +------------ > + > +This document provides an overview of how SPL verified boot works on powerpc/ > +mpc85xx & arm/layerscape platforms. > + > +Methodology > +----------- > + > +The SPL image is responsible for loading the next stage boot loader, which is > +the main u-boot image. For secure boot process on these platforms ROM verifies > +SPL image, so to continue chain of trust SPL image verifies U-boot image using > +spl_validate_uboot(). This function uses QorIQ Trust Architecture header > +(appended to U-boot image) to validate the U-boot binary just before passing > +control to it. Please use "U-Boot" This seems a bit brief. Are there instructions on how to actually set it up? Regards, Simon
diff --git a/doc/SPL/README.spl-secure-boot b/doc/SPL/README.spl-secure-boot new file mode 100644 index 0000000..f2f8d78 --- /dev/null +++ b/doc/SPL/README.spl-secure-boot @@ -0,0 +1,18 @@ +Overview of SPL verified boot on powerpc/mpc85xx & arm/layerscape platforms +=========================================================================== + +Introduction +------------ + +This document provides an overview of how SPL verified boot works on powerpc/ +mpc85xx & arm/layerscape platforms. + +Methodology +----------- + +The SPL image is responsible for loading the next stage boot loader, which is +the main u-boot image. For secure boot process on these platforms ROM verifies +SPL image, so to continue chain of trust SPL image verifies U-boot image using +spl_validate_uboot(). This function uses QorIQ Trust Architecture header +(appended to U-boot image) to validate the U-boot binary just before passing +control to it.
Adds information regarding SPL handling validation process of main u-boot image on power/mpc85xx and arm/layerscape platforms. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> --- Changes PATCH v5->PATCH v6: Added README for SECURE BOOT support in SPL framework. doc/SPL/README.spl-secure-boot | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 doc/SPL/README.spl-secure-boot