The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
Offset 0x1 in the generated kwb image file is a set of flags, bit 0
enables debug output from the BootROM firmware. Allow a DEBUG option in
the kwb configuration to request debug output from the BootROM firmware.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Offset 0x18 in some Marvell datasheets this field is redacted as
"reserved". This offset is actually a set of options and bits 2:0 allow
the selection of the UART baudrate.
Allow a BAUDRATE option to set the UART baudrate for any messages coming
from the BootROM firmware.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
KWB image header values are in little endian (LE).
So adding appropriate cpu_to_leXX() calls to allow building those images
on BE hosts, too.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Currently, kwboot only allows dynamic UART boot mode patching for SoCs
with header version 0 (Orion, Kirkwood). This patch now enables this "-p"
feature also for SoCs with header version 1 (Armada XP / 38x etc). With
this its possible now to use the UART boot mode without on images that
are generated for other boot devices, like SPI. So no need to change
BOOT_FROM to "uart" for UART xmodem booting any more.
Signed-off-by: Stefan Roese <sr@denx.de>
Tested-by: Kevin Smith <kevin.smith@elecsyscorp.com>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
This patch adds support for "kwbimage" (Kirkwood Boot Image)
image types to the mkimage code.
For details refer to docs/README.kwbimage
This patch is tested with Sheevaplug board
Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
Acked-by: Ron Lee <ron@debian.org>
Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>