1. 06 Jul, 2018 1 commit
    • Teddy Reed's avatar
      hikey: Add development TBB support · e59a3bff
      Teddy Reed authored
      
      
      This patch adds experimental support for TRUSTED_BOARD_BOOT to the
      Hikey. This is adapted from the RPi3 and QEMU implementations.
      
      Since the Hikey starts from BL2 the TRUSTED_BOARD_BOOT ROT begins there
      too. When TRUSTED_BOARD_BOOT is defined, the BL1 build is skipped.
      
      See the following example:
      
      make \
       PLAT=hikey \
       BL33=u-boot.bin \
       SCP_BL2=mcuimage.bin \
       TRUSTED_BOARD_BOOT=1 \
       MBEDTLS_DIR=../../mbedtls \
       GENERATE_COT=1 \
       all fip
      Signed-off-by: default avatarTeddy Reed <teddy.reed@gmail.com>
      e59a3bff
  2. 25 Oct, 2017 1 commit
  3. 18 Oct, 2017 1 commit
  4. 20 Jun, 2017 1 commit
    • Masahiro Yamada's avatar
      uniphier: embed ROTPK hash into BL1/BL2 · 63634800
      Masahiro Yamada authored
      
      
      Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info().
      It is up to users how to retrieve ROTPK if the ROT verification is
      desired.  This is not nice.
      
      This commit improves plat_get_rotpk_info() implementation and automates
      the ROTPK deployment.  UniPhier platform has no ROTPK storage, so it
      should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case.
      This makes sense because UniPhier platform implements its internal ROM
      i.e. BL1 is used as updatable pseudo ROM.
      
      Things work like this:
      
      - ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing.
        Users can override ROT_KEY from the command line if they want to
        use a specific ROT key.
      
      - ROTPK_HASH is generated based on ROT_KEY.
      
      - ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2.
      
      - ROT_KEY is input to cert_create tool.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      63634800