Hi Jen, On 25 September 2018 at 07:40, Jens Wiklander <jens.wiklan...@linaro.org> wrote: > Hi, > > This adds support for storing AVB rollback indexes in the RPMB partition. > The RPMB partition (content and key) is managed by OP-TEE > (https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone. > > The Linux kernel can already support OP-TEE with reading and updating > rollback indexes in the RPMB partition, the catch is that this is needed > before the kernel has booted. > > The design here is the same as what is in the Linux kernel, with the > exception that the user space daemon tee-supplicant is integrated in the > OP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass > (UCLASS_TEE) is introduced to provide an abstraction for interfacing with a > Trusted Execution Environment (TEE). There's also the OP-TEE driver using > UCLASS_TEE for registration. > > A Trusted Application (TA) interface is added to be used by the AVB verify > functions which are updated accordingly. The TA is managed by OP-TEE and is > executed in a secure TrustZone protected environment. > > The header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and > include/tee/optee_ta_avb.h are copied from > https://github.com/OP-TEE/optee_os/tree/master more or less unmodified. > They may need to be updated from time to time in order to support new > features. > > In MMC there's a new function, mmc_rpmb_route_frames(), which as the name > suggests is used to route RPMB frames to/from the MMC. This saves OP-TEE > from implementing an MMC driver which would need to share resources with > its counterpart here in U-Boot. > > This was tested on a Hikey (Kirin 620) board. > > I've added myself as maintainer of the TEE stuff. > > changes in v4: > * Addressed review comments from Simon Glass > * Rebased on v2018.09 > * "avb_verify: bugfix avb_ops_free() skipping free" removed due to the rebase > * Commits "dt/bindings: add bindings for optee", > "sandbox: imply CONFIG_TEE (TEE uclass)", > "tee: add sandbox driver", > "avb_verify: support using OP-TEE TA AVB", > "test_avb: Update pymark.buildconfigspec information for the AVB tests", > "Kconfig: sandbox: enable cmd_avb and dependencies", > Reviewed-by: Simon Glass <s...@chromium.org> > * Added descriptions of additional structs and functions > * In commit "avb_verify: support sandbox configuration" avoid the > #ifdef CONFIG_SANDBOX in get_sector_buf() as suggested by Simon.
You might consider using patman, where you add the change log for each patch individually, and it produces the change log for the series automatically. I find it harder to review patches which don't have their own individual change log. Regards, Simon _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot