This is an RFC for a method that uses a "weak" post-process function call
that's injected into the SPL FIT loading process after each blob has been
extracted (U-Boot firmware, selected DTB) which is populated with a platform
specific function. In case of TI high-security (HS) device variants a ROM API
call is performed (via SMC) that transparently handles authentication and
optional decryption. This essentially allows authenticating (and optionally
decrypting) U-Boot from SPL. The post-processing injection is implemented such
to enable a more universal use of this feature by other platforms or for other
purposes.

Furthermore the build process has been modified to automatically invoke a TI
blob signing/encryption tool through the $TI_SECURE_DEV_PKG env variable
already introduced into U-Boot. This singing/encryption step happens for each
artifact that gets bundled into the final u-boot.img FIT blob.

Why do we need this for our platforms if some generic form of verified boot
already exists in U-Boot? The approach proposed here provides support for
decryption which is currently not available in U-Boot (and may not be easily
implementable generically for example due to the need for keeping symmetric
keys secure). Furthermore it allows for a consistent build as well as runtime
flow no matter authentication and/or decryption is used (as opposed to using
existing U-Boot verified boot for authentication and an additional TI-specific
ROM API call for decryption for example). It also allows for a faster and more
efficient boot process (auth and decryption can be performed in a single step
by the ROM APIs also utilizing crypto HW accelerators in a completely
transparent fashion). However anyone can still use the standard U-Boot verified
boot scheme from U-Boot onwards if they so chose and only need authentication.

The patch series has been tested on DRA7 HS, DRA72 HS, and AM57 HS device
variants. The AM43 HS support is still missing some Makefile changes but the
principle in the final implementation will be similar what's implemented for
the other devices.

Regards,
Andreas Dannenberg

PS: This patch series depends on a few recent patches sent by Lokesh, Madan,
and myself that enable SPL FIT support for various high-secure ICs. However
it should not be necessary to look up those patches for purposes of
digesting this RFC.


Daniel Allred (7):
  spl: fit: add support for post-processing of images
  arm: cache: add missing dummy functions for when dcache disabled
  arm: omap-common: add secure smc entry
  arm: omap-common: add secure rom call API for secure devices
  arm: omap5: add secure ROM signature verify API
  arm: omap5: add FIT image post process function
  ti: omap-common: Update to generate secure FIT

Madan Srinivas (2):
  arm: am4x: add secure ROM signature verify API
  arm: am4x: add FIT image post process function

 arch/arm/cpu/armv7/am33xx/Makefile              |  2 +
 arch/arm/cpu/armv7/am33xx/sec_fxns.c            | 90 +++++++++++++++++++++++++
 arch/arm/cpu/armv7/cache_v7.c                   |  8 +++
 arch/arm/cpu/armv7/omap-common/Makefile         |  4 ++
 arch/arm/cpu/armv7/omap-common/config_secure.mk | 57 +++++++++++++++-
 arch/arm/cpu/armv7/omap-common/lowlevel_init.S  | 47 +++++++++++--
 arch/arm/cpu/armv7/omap-common/sec_bridge.c     | 47 +++++++++++++
 arch/arm/cpu/armv7/omap5/Makefile               |  1 +
 arch/arm/cpu/armv7/omap5/config.mk              |  3 +
 arch/arm/cpu/armv7/omap5/sec_fxns.c             | 70 +++++++++++++++++++
 arch/arm/include/asm/arch-am33xx/sys_proto.h    |  6 +-
 arch/arm/include/asm/arch-omap5/sys_proto.h     |  4 ++
 arch/arm/include/asm/omap_common.h              |  6 ++
 board/ti/am43xx/board.c                         |  7 ++
 board/ti/am57xx/board.c                         |  7 ++
 board/ti/dra7xx/evm.c                           |  7 ++
 common/spl/spl_fit.c                            | 21 ++++--
 include/configs/ti_omap5_common.h               |  4 ++
 include/image.h                                 | 15 +++++
 19 files changed, 391 insertions(+), 15 deletions(-)
 create mode 100644 arch/arm/cpu/armv7/am33xx/sec_fxns.c
 create mode 100644 arch/arm/cpu/armv7/omap-common/sec_bridge.c
 create mode 100644 arch/arm/cpu/armv7/omap5/sec_fxns.c

-- 
2.6.4

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

Reply via email to