brain-hackers_pepepper-mirror/u-boot-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/u-boot-brain synced 2024-09-29 08:00:26 +09:00
Code Issues Projects Releases Wiki Activity

warp7: Add support for automated secure boot.scr verification

Browse Source 
This patch adds support for verifying a signed boot.scr. With this in place
it's possible for run-time Linux to update boot.scr to set different
variables such as switching between different boot partitions, pointing to
different kernels etc and for u-boot to verify these changes via the HAB
prior to executing the commands contained in boot.scr.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This commit is contained in:
Bryan O'Donoghue 2018-04-24 18:46:47 +01:00 committed by Stefano Babic
parent baea5ecd26
commit bb96a08d5b
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/configs/warp7.h
View File

@ -53,6 +53,14 @@
"root=PARTUUID=${uuid} rootwait rw\0" \
"ivt_offset=" __stringify(BOOTROM_IVT_HDR_OFFSET)"\0"\
"warp7_auth_or_fail=hab_auth_img_or_fail ${hab_ivt_addr} ${filesize} 0;\0" \
"do_bootscript_hab=" \
"if test ${hab_enabled} -eq 1; then " \
"setexpr hab_ivt_addr ${loadaddr} - ${ivt_offset}; " \
"setenv script ${script_signed}; " \
"load mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${script}; " \
"run warp7_auth_or_fail; " \
"run bootscript; "\
"fi;\0" \
"loadbootscript=" \
"load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \
"bootscript=echo Running bootscript from mmc ...; " \
@ -79,6 +87,7 @@
#define CONFIG_BOOTCOMMAND \
"mmc dev ${mmcdev};" \
"mmc dev ${mmcdev}; if mmc rescan; then " \
"run do_bootscript_hab;" \
"if run loadbootscript; then " \
"run bootscript; " \
"else " \