projects / oweals / u-boot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4991b4f) | patch
arm: mvebu: Implement secure boot
authorMario Six <mario.six@gdsys.cc>
Wed, 11 Jan 2017 15:01:00 +0000 (16:01 +0100)
committerStefan Roese <sr@denx.de>
Wed, 1 Feb 2017 08:04:18 +0000 (09:04 +0100)
commita1b6b0a9c1f91756b93e6d804837dc178d79d39e
treee66ce37c0d31f8ce1dac414cb470e1d2037a77f9tree | snapshot
parent4991b4f7f1e55fed161462cefca7fe483fd3e477commit | diff
arm: mvebu: Implement secure boot

The patch implements secure booting for the mvebu architecture.

This includes:
- The addition of secure headers and all needed signatures and keys in
  mkimage
- Commands capable of writing the board's efuses to both write the
  needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
  commands to write the efuses

The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
Makefile diff | blob | history
arch/arm/mach-mvebu/Kconfig diff | blob | history
arch/arm/mach-mvebu/Makefile diff | blob | history
arch/arm/mach-mvebu/efuse.c [new file with mode: 0644] blob
arch/arm/mach-mvebu/include/mach/cpu.h diff | blob | history
arch/arm/mach-mvebu/include/mach/efuse.h [new file with mode: 0644] blob
doc/README.armada-secureboot [new file with mode: 0644] blob
tools/Makefile diff | blob | history
tools/kwbimage.c diff | blob | history
tools/kwbimage.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.