[PATCH 11/13] ARM: k3: r5: Allow to authenticate next image by ROM API
Sascha Hauer
s.hauer at pengutronix.de
Tue Mar 11 00:54:58 PDT 2025
On Mon, Mar 10, 2025 at 08:26:01PM +0100, Marco Felsch wrote:
> On 25-02-28, Sascha Hauer wrote:
> > This adds the Kconfig option CONFIG_ARCH_K3_AUTHENTICATE_IMAGE. When
> > enabled, the full barebox image will only be started when it can be
> > authenticated using the ROM API.
> >
> > Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
> > ---
> > arch/arm/mach-k3/Kconfig | 7 ++++++
> > arch/arm/mach-k3/r5.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++-
> > 2 files changed, 70 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig
> > index 37d5155577..e93e3154c8 100644
> > --- a/arch/arm/mach-k3/Kconfig
> > +++ b/arch/arm/mach-k3/Kconfig
> > @@ -37,6 +37,13 @@ config MACH_BEAGLEPLAY
> > help
> > Say Y here if you are using a TI AM62x based BeaglePlay board
> >
> > +config ARCH_K3_AUTHENTICATE_IMAGE
> > + bool "Force authentication of FIP image against ROM API"
> > + help
> > + By enabling this option the FIP image loaded by the first stage
> > + will be authenticated against the K3 ROM API. Images which fail
> > + to authenticate will not be started.
>
> The ROM is checking only the sha sum or does the ROM also have some kind
> of signature-checking (pub/priv keys requried)?
The ROM cheks against signatures
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list