From patchwork Thu Jul 14 16:27:53 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 648303 X-Patchwork-Delegate: yorksun@freescale.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 3rqsj70flhz9sCY for ; Thu, 14 Jul 2016 20:42:35 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 8CAA94B9AD; Thu, 14 Jul 2016 12:42:32 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dj_blTYgy9p5; Thu, 14 Jul 2016 12:42:32 +0200 (CEST) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id CD25D4B97D; Thu, 14 Jul 2016 12:42:31 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id AB4884B97D for ; Thu, 14 Jul 2016 12:42:28 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xzz4xjzHkp9X for ; Thu, 14 Jul 2016 12:42:28 +0200 (CEST) X-Greylist: delayed 1036 seconds by postgrey-1.34 at theia; Thu, 14 Jul 2016 12:42:24 CEST X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0060.outbound.protection.outlook.com [104.47.36.60]) by theia.denx.de (Postfix) with ESMTPS id 0BFE14B811 for ; Thu, 14 Jul 2016 12:42:24 +0200 (CEST) Received: from BLUPR0301CA0042.namprd03.prod.outlook.com (10.162.113.180) by CY1PR03MB2411.namprd03.prod.outlook.com (10.167.8.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.539.14; Thu, 14 Jul 2016 10:09:31 +0000 Received: from BL2FFO11FD063.protection.gbl (2a01:111:f400:7c09::153) by BLUPR0301CA0042.outlook.office365.com (2a01:111:e400:5259::52) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.528.16 via Frontend Transport; Thu, 14 Jul 2016 10:09:31 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; nxp.com; dkim=none (message not signed) header.d=none; nxp.com; dmarc=fail action=none header.from=nxp.com; nxp.com; dkim=none (message not signed) header.d=none; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BL2FFO11FD063.mail.protection.outlook.com (10.173.161.159) with Microsoft SMTP Server (TLS) id 15.1.523.9 via Frontend Transport; Thu, 14 Jul 2016 10:09:30 +0000 Received: from localhost.localdomain.ap.freescale.net ([10.232.14.164]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id u6EA8woE019249; Thu, 14 Jul 2016 03:09:27 -0700 From: Sumit Garg To: Date: Thu, 14 Jul 2016 12:27:53 -0400 Message-ID: <1468513673-5406-4-git-send-email-sumit.garg@nxp.com> X-Mailer: git-send-email 1.8.1.4 In-Reply-To: <1468513673-5406-1-git-send-email-sumit.garg@nxp.com> References: <1468513673-5406-1-git-send-email-sumit.garg@nxp.com> X-EOPAttributedMessage: 0 X-Matching-Connectors: 131129645711011734; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(7916002)(2980300002)(1110001)(1109001)(339900001)(199003)(189002)(68736007)(85426001)(2351001)(47776003)(229853001)(8676002)(76176999)(86362001)(36756003)(50986999)(106466001)(33646002)(87936001)(105606002)(189998001)(110136002)(92566002)(50466002)(7846002)(81156014)(97736004)(19580405001)(48376002)(305945005)(104016004)(5003940100001)(8936002)(586003)(4326007)(2906002)(77096005)(11100500001)(19580395003)(50226002)(2950100001)(6806005)(81166006)(8666005)(356003)(7059030)(4720700001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR03MB2411; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD063; 1:MalmN3lEPqnocDuDP6lIyevfhDfhtBtEhUxRnlME9xW4ws6R2LqoImgIhyYLjqEXWmYH7p4DIHQ8oV1duaiAldgySCPqpw3VxJqDku0i+ZP/89TG7z21nmdCRwVKxd/pXlxXbyyz6HCzR5Zu8msgm8BwPugIw4wgplP3Kh1fU0VpQDniMWEM+fT3+pQ1Kv3ptoXXSmSjX46pfIXIZu5Hz/WtzdEMyz3ZwlonoSc+HhR+JlfiLNzfBe0zdBjYZgcDeE1uFMlj7Onlr7NENAU/Pveyp4jOJtTI+YmRRNxN39O4kTiulqN9tk6xxDvPV68cowniCVlJGeWMHlGSFmKIruXo0suVLEBWZn26yq8HOEo3QZeesfAZIMfdJaFzMafNfnBfKHiidPj8Gh5kjEOln4Gt8PJncFy3CTjkN02irnYZafMKUMB7lAr4lBKmZ9aGSQWlvKQPm4SOZe+/b8WrMhY2aiuYVkvjODDg/4UvByyUZPotVxtr0ObFHx863VHnAA6KR/gKAD9P1Uueb6LRBCn/tDheWbGvuQLkp2YGaJ2G0p9zRAEP/n0I1RKAkDG1jwN4hF9AhgHBbclRUiXsVmJ/Ac1l/LPh/1IhAuQodaLFUo7BCIZTuIZqoTvkxllYtIec8DSWWbVxPUtBm+1PU8UPA1PGFzPUfbbIjHsuu6/QqpUaxRyoidW2WeK5lRN2MHP/RnXYOpE20sK8apxdjunZlyBM8Qgzn5Wron6LeFU= MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 62f4cfb4-e6ce-49b9-4e35-08d3abcef295 X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2411; 2:xVe6OquSl/bDLr1sLL4xbpBcl9bNlgqeAq9jIn0LYHih+jTRu4hO9c5kkEalI/nrMJsnOAv1yG1gIP33Aua7SBnXpL9Ntjn1m6u+wZV1RAzqUyJfEXJUJuVGP/iZ1TM1+CFfMmGnIF/O5zXQuIeAu2uvZssINO5fsFGR48QUi7TgzXn8jWuYo0E0Q6KBcFM9; 3:uMKU01YS88iIFaVg7fz3vm4rfRIPWSL6oAxIkccS9IHIyljiNzejgnYnLN7fRVES5ZkN9GXguyeYHiYlmX1pTaxX5WapyEiRdN0ygPNHsAi0XiY6vA92tgF+YNVCrm7PqC/BD/GCae/A7jJckm3QuRUn+64GDEXYMv51dtNUBkQMpxbIzQiIiXrSeIx0mgy5qfTT8B8Kx/1Mw81TnFq52rDHglHAz7qv+8+w56fghls= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR03MB2411; X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2411; 25:u+DLAaM5B86b9mJxFNRjQibgtDFDdIX6rD7Ew4YwfSz1EkhFXxGaKDbsojqfklTMtcYJHtnudNC7QRvS5miqAU5aMocqZ+enhedaHbWOtIQeV5mQnR5i9Jjtxsdw/4iDngOmGow/S11abHnGpR1MSkrhD535YpBaufW+k9CIwFvvNua2eXa1mmvId3hvgbHVoenG4DC6wIlhx21SmK7QyD4K3ghSQTxDRFySkZYtyB42PWFC1DRlNdm96XbqVEEPw2KEqMABRbxCt585lKXB7Qqc61w07MYv56Ew1KJ5Ky5me2qaFVplgCXUlXgtIpvsDd/98Jc97uD61mjqd6D0dE8AmCuW/IjyZb3p4Dq64jgNZaoU+0V0qibKEJueuvHLp2xmiR6dSUWLV+bdhX9c5RineM8bSJScsYH0NzaH+7dCckxwTpQm+hFeapm+f7fPLcv2w0ggBukWz9gmsKLtjzJS6UFoqFbIpHVQhU0zpD/Ee5B0mWFFgfxxdCu9UpAoU3LjihFkKJ/jcoaT88ltHGXZG9BFRXC/RlQ+3l4woUAl1rOShRuKE5mjD0aIyuQD4uPXmsVRc3bSzDpXTlrFCSn6pOmAjz5wIhVMd4cKcNOj9YaKD97v8yUzDIE0hyf34l/MeuWj0KBbUPYd4E05QqF9q44Rhd6KGauHLig5URlSdmLu2XcQVQ1Pqb0Qw8Tf/6gnVkDhCgBUpuGxFFBxpOy96dTRrDUPR5hnHPb0P5nMdbNr5vpbxfVS8VqEGctiZJO6F5BY5HI2OgeFSdGV7g== X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2411; 31:6W4h8fNYB7os6CjXjIVfl8ttjnhea1i8mbiLL5w5BZmDOsj3QpF+qhusdlWobaimE3rxEAseiLelwN70SnNyqCUhkBZEKHB0cQP8M3krupcuPdiparqDsZmQYr3jgPQattRv3c8X3IpRgQqmDC8PjZUdHY3g82PDGTNXfjUxLALoEAgrIFVLkC+XRPN29ktG60qw8qePhJI+wLfSGBqbEQ==; 4:xIiUk/MLMxtm2+nhNmsHEavAD4cyiNLw8KbtZh89mLmP5a2Y1NQpNNtkMUhrOXklVVsGjm2IPYIJs4OUkGpHqzN11JW5xU6G7U9+jvRiNbU/JafowJWFoiLQ0dTE6UMXD+51QMw5fsLyulZAUEHKxxe81eVJL01MwcqWyVckXQ+s1PG+H649owtgzQhSFCIu/slsy/Tg1CkmDjKRSlvVkrfd4tylrK9BahvZJlUKQtKD3q9U1Ol+g8ll1GmypWAxUZEFA/RdFt3+qkhb/44yHOUYNB+k4wWqteYf9wQczM0zO3u2iaMf3vXoetT2PyWPskGtJ1+grjh19QC/iOEv+YtO/lj+jrbC+ndxQ3Fj1fG31p+xEtfBNUCqctb0Y9fP73K9dUBWspuTkLUFAgNCTzLAV/9ZYER/Pnqw4osvyoT6s/nLfnrybohkfcfcOWqKvk0SA96rOVmK/PmY0nmMmr9FVOnMhk3WMhoUY/ftDt1SRODGGGzBHwf98MH8OZyBayGzBpKUoXOgKFYIl8bR2Q== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(185117386973197); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(13023025)(8121501046)(5005006)(13015025)(13018025)(13017025)(13024025)(10201501046)(3002001)(6055026); SRVR:CY1PR03MB2411; BCL:0; PCL:0; RULEID:(400006); SRVR:CY1PR03MB2411; X-Forefront-PRVS: 00032065B2 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; CY1PR03MB2411; 23:EHeN/w4WRFCqvxf4beaRI+IVVo5+njLluIsFqwQ/f?= =?us-ascii?Q?Lda3QucMBdDa50VIkvdI9Xd7R+FBw3TsCiyF0Sz4WxNikfJmjnLg0rITKbi+?= =?us-ascii?Q?poUdtg3eii+fO6YXSPcaQqOEnmYaPkqOiJX40ej50whS05l9yh+z1JACkkUO?= =?us-ascii?Q?GszOdpMBcK3DzuwyxF+w7bBIoyrr9O2+VGmsdp4lyQd4kRspByVfU8vSbGIe?= =?us-ascii?Q?bLxcFvjdrRqrcnPRooOJkPfLzRw83oTG36GWxh15Z87msNrHcLQGJAbVFY1E?= =?us-ascii?Q?H8csSQwRZPHkT+82sOF31n8zQxR17D4x8pbyEzP7ub0oJjbOT9STmGZJBvMl?= =?us-ascii?Q?RONvqSJSXVqUXU8hmZV0tgwg+i8g9nQ1Tx0jBSyE5ycSsK8yrTFGyTBbn/y4?= =?us-ascii?Q?l2b9QIJ6b2XfHhEiNrZhCM78yHFWoGdPxOao2RK7uQ4lWrS2byKseGx/4P7i?= =?us-ascii?Q?D3PqVgmsK8x8c2OE5kc/28iANgvHbdeHdWHprNQW7FwadC3F44K3cRfwf6l9?= =?us-ascii?Q?N2RJyzmsimh8cdjpto5laJn3xw7OBsACFpyh8dtX6wBO6gSoT5mQaC36lT2h?= =?us-ascii?Q?JjcX8Nj1yBBGPRQBQ36uWJKqJWJgeiXT2w+Vznu4ttHlKE9RZ1eKuQbHbYGU?= =?us-ascii?Q?BwYEIOYS1RW3SH8ohf769U1AXEV57r6sXrpoGupVrsYjMVDRA4jkkAylVKfE?= =?us-ascii?Q?+BaxpGP/umf6RYcHQHxEZmpCeMy6HGkzXaKmBfnosL3Z3ez29CxdUp0pTOiI?= =?us-ascii?Q?E6XR0ILPE5+e0oOpnrBe2MqTerm7raGmNZmZsNMoDv8tF1+4n3xYCttj14aE?= =?us-ascii?Q?pE50O5K0rKT4j0T8GXeQmwqgiixap+9BiXigWE5o1WW7dyhIdsox2feVUtO1?= =?us-ascii?Q?90JKMhJjEIAjt4Pedpdt041imzfvZjoJi6fLq642v++MJ/siTECeClbYbV8h?= =?us-ascii?Q?5V/+br/IP3cIM1FImWDm8x4kYAfFujBto7EYECZP2z1jDeDml2/OMmg9ZXte?= =?us-ascii?Q?WkNmHZiNB1uSlYTUMkmVy8F9jEvUrGP1ErmufNv3oz9R8U2d8QpJf/wO5sh5?= =?us-ascii?Q?kpeG009H5wmYUjtrZDPiUfa3WZ1llcaLIIJIGk5yoEtqxct2O+X6hCgCtWlw?= =?us-ascii?Q?rzS2Lz2nLXVBwsVtpftP1ZrQTpi7nHFaiinG7vRiHnXDTao9pwatxUpYiavO?= =?us-ascii?Q?QVgh6WXA6cvPpg=3D?= X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2411; 6:j4zol/74uKqbEeIXBlZVaaI4ZWD3ecdx3igxU2mC1aBOYPD95QM2A3B3uz8c8UIII/klDDiRvEDgDvTEddhdOANvW5oaHrkJlApu6tC21UQwYWPTdDHF2Yc9ro9HQGsLvda1zz7gfZmgqdktXZWUi7PzjjtMlvm/jbXMEcptVYvJQsF23OdO6pY6Ua9aEOQ6srDWHGinygOlesHcZ9pT4A+CRJbznI2UTO5TBsx1a5vT5zbRTvuZkcnFD7/wilvbFkR3DwPIFbfus3iQmYNIlfS5Pl8fF/AVfQvUc3Wtrlc=; 5:6Vnh9pynLinrkHq60KGg3esdYZw0bKNEpTlot3/1KsNOVGA+qpr4ZgaPru2aPMMtYXof/lM6uWvuPaIBqA/HsJw6sW3bqM7PBr3cwQWB/9JQjOTxFe9ETdpjojRmwFG+XjFJHflXMfjdU8KlYyqhB0gXQag1p1GnjIFKLKGF8zA=; 24:9dQhb3r0GfPq//5NW/D/T7ttEsZ/ThwCLVyBXwhNOmyony+VK6PkKm+F0hI7catEP3PBHOQ3xw9boaZddwF3OJyFetl0fq/gozipNJaGJ/U=; 7:nrFWhQlwDx4hNlM1VMDeLDwaRqpehM70jTWeXOTSp4fakjQLtYgGABqJab6TroFVtMeJYQashPtyLr7VfJFzwIdwhFZp8Pd5k/emoM/BJ6cc1NWmf8JDuMRGtM5gnA1gk1SOksUcuudlCQwySEzzG97B5QcMG6OpAD+dFuNvQzZ12XhFyG0CA2pbD2SAPS8qwXWcmoV94sksRyTWr0JKLWX0XpMCT8sb3UKhdQlSRosS3/mFOYEWLnF3ZRr+4sgH SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Jul 2016 10:09:30.9139 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR03MB2411 Cc: trini@konsulko.com, sjg@google.com, ruchika.gupta@nxp.com Subject: [U-Boot] [PATCH 3/3] doc: SPL: Add README for secure boot support X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Adds information regarding SPL handling validation process of main u-boot image on power/mpc85xx and arm/layerscape platforms. Signed-off-by: Sumit Garg Reviewed-by: Simon Glass --- Changes PATCH v5->PATCH v6: Added README for SECURE BOOT support in SPL framework. doc/SPL/README.spl-secure-boot | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 doc/SPL/README.spl-secure-boot diff --git a/doc/SPL/README.spl-secure-boot b/doc/SPL/README.spl-secure-boot new file mode 100644 index 0000000..f2f8d78 --- /dev/null +++ b/doc/SPL/README.spl-secure-boot @@ -0,0 +1,18 @@ +Overview of SPL verified boot on powerpc/mpc85xx & arm/layerscape platforms +=========================================================================== + +Introduction +------------ + +This document provides an overview of how SPL verified boot works on powerpc/ +mpc85xx & arm/layerscape platforms. + +Methodology +----------- + +The SPL image is responsible for loading the next stage boot loader, which is +the main u-boot image. For secure boot process on these platforms ROM verifies +SPL image, so to continue chain of trust SPL image verifies U-boot image using +spl_validate_uboot(). This function uses QorIQ Trust Architecture header +(appended to U-boot image) to validate the U-boot binary just before passing +control to it.